The U.S. Cyber Command has found that a known Microsoft Outlook bug is being used to launch malicious attacks, Nextgov reported Friday. CYBERCOM said in a tweet dated July 3 that it recommends immediate patching for systems that may be impacted by malware.
According to Milpita, Calif.-based cybersecurity firm FireEye,  Iranian and other adversary hackers have been exploiting the CVE-2017-11774 bug to “cause confusion for many security professionals.â€
“If Outlook launches something malicious, a common assumption is that the impacted user has been phished — which is not what is occurring here. The organization may waste valuable time without focus on the root cause,†the company said in a statement.
Previously, FireEye published a blog post that identifies a group called APT33 that works “at the behest of the Iranian government†as the source for such threats.
