The U.S. Cyber Command has found that a known Microsoft Outlook bug is being used to launch malicious attacks, Nextgov reported Friday. CYBERCOM said in a tweet dated July 3 that it recommends immediate patching for systems that may be impacted by malware.
According to Milpita, Calif.-based cybersecurity firm FireEye, Iranian and other adversary hackers have been exploiting the CVE-2017-11774 bug to “cause confusion for many security professionals.”
“If Outlook launches something malicious, a common assumption is that the impacted user has been phished — which is not what is occurring here. The organization may waste valuable time without focus on the root cause,” the company said in a statement.
Previously, FireEye published a blog post that identifies a group called APT33 that works “at the behest of the Iranian government” as the source for such threats.