Beware of New Email Phishing Campaign Exploiting Microsoft Office Vulnerabilities

McMaster IT Security urges faculty, staff, and students to stay alert for suspicious emails due to an ongoing phishing campaign targeting organizations in North America and Europe.  

This particular campaign capitalizes on vulnerabilities in Microsoft Office and Windows by using specially crafted Microsoft Office Documents. Cybercriminals are sending out emails containing malicious Word documents, often disguised as news articles. 

The malicious documents carry code that allows attackers to execute remote actions on the victim’s system once the file is opened. It is essential to note that these attacks can only succeed if the recipient opens the malicious attachment. To safeguard against such threats, please remain vigilant and promptly report any suspicious emails to is-spam@mcmaster.ca. 

Microsoft is aware of these attacks and is actively investigating the situation. However, as of now, no patch has been released to address this vulnerability. Once Microsoft completes its investigation, it will take action to safeguard its customers, which may include releasing a security update.  

To learn how to protect yourself and others from phishing, please see the IT Security phishing resources and IT security tips for students.  

For recent examples of phishing messages that have been sent to McMaster community members, please visit the IT Security Phish Bowl website. 

Additional information and technical details about this specific vulnerability are available on the Microsoft website: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884