Published on: 11 April 2017
Last update on: 12 April 2017
A vulnerability is identified in Microsoft Office which is caused by the OLE2Link object issue. An attacker could entice a user to open a malicious document to exploit the vulnerability.
Reports indicate that the vulnerability is being exploited in the wild.
A successful attack could lead to arbitrary code execution.
Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
For details, please refer to the Microsoft's website at:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/
https://www.fireeye.com/blog/threat-research/2017/04/acknowledgement_ofa.html
https://www.hkcert.org/my_url/en/alert/17041101
http://www.kb.cert.org/vuls/id/921560