A short-lived phishing campaign has been observed taking advantage of a novel exploit. The exploit bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability. Microsoft addressed the vulnerability as part of its September 2021 Patch Tuesday updates. The new campaign aims to get around the patch’s protection by morphing a publicly available Office exploit and weaponizing it to distribute Formbook malware. The success of the attack can, in part, be attributed to a “too-narrowly focused patch””]
Source: https://thehackernews.com/2021/12/new-exploit-lets-malware-attackers.html