|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
From https://twitter.com/GossiTheDog/status/932970759491866624: “We have our first malicious CVE-2017-11882 (OLE Equation Editor) doc in the wild […]”
Background info: Office Equation Editor Security Bug Runs Malicious Code Without User Interaction.
CVE-2017-11882 was fixed in November 14, 2017 Microsoft updates.
Please see the following post from @MrBrian for instructions on how to disable the equation editor if you choose to do so.
Please pay special attention to the bittedness (32 bit or 64 bit) of BOTH your version of Office AND Windows before proceeding, so you know which step(s) is/are needed for your situation.
Also, please read the ENTIRE bulletin he refers you to before proceeding, so you can decide if some functionality you’ve come to depend on within Office will be disabled by disabling the equation editor.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
