Security advisories

Office Equation Editor Vulnerability

February 26, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

A flaw has been disclosed in all versions of Microsoft Office that allows for remote code execution. Microsoft has reported that this vulnerability is being actively exploited in the wild. As such, implementing remediation measures should be given a high priority. The vulnerability could allow a threat actor to execute files without macros via a specially crafted file, making the malicious content harder to detect. If successfully exploited on a user with administrative rights, the attacker could create new accounts, install or delete programs and view or edit data. Attacks exploiting the Office Equation Editor vulnerability can be delivered through either phishing emails or webpages hosting a malicious document. Since being made aware of the flaw, Microsoft has released a patch in their last regularly scheduled Patch Tuesday.

 

What we are doing about it

 

What you should do about it

 

Additional information

 

[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802

View Most Recent Advisories