Number: AL17-005
Date: 13 April 2017
Purpose
The purpose of this alert is to bring attention to a recently disclosed vulnerability in the Encapsulated PostScript filter of Microsoft Office and its exploitation.
Assessment
CCIRC is aware of attacks exploiting recently patched zero-day vulnerabilities. As a result, CCIRC would like to raise awareness of this potentially serious vulnerability, as it may be exploited by malicious actors to perform a range of fraudulent activities, such as accessing sensitive information and installing malware.
Suggested Action
Due to the elevated risk that this vulnerability presents, CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly. CCIRC recommends that priority be given to this patch.
References:
Microsoft Guidance Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/2017-2605
Microsoft Knowledge Base
https://support.microsoft.com/en-us/help/2479871/security-settings-for-graphic-filters-for-microsoft-office-365
TR11-001 Malware Infection Recovery Guide
http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2011/tr11-001-eng.aspx
TR15-004 Top 30 Targeted High Risk Vulnerabilities
http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2015/tr15-004-eng.aspx