From PoC to Pwned: New Exploits Appear in Attacks Just Days After Disclosure


Recently, I  identified five Microsoft Office vulnerabilities from 2017 and 2018 that helped fuel an ongoing wave of attack campaigns. The security weaknesses were zero-days at the time of their discovery, meaning malefactors had plenty of time to write exploit code and incorporate it into their attack campaigns. Microsoft subsequently patched the bugs, but those fixes haven’t stopped attackers from abusing the flaws anyway.

Article Link: