One of the strangest things to witness in the early 21st century has been the rise of cyberwarfare. No longer just the product of science fiction, cyberattacks are a common and dangerous threat that allows nation states to wreak havoc upon their enemies without firing a single shot. From espionage and propaganda offenses to full-on malware attacks, there’s no telling just how the internet will be weaponized in the wars to come.
Thanks to recent hostilities in the Persian Gulf, the U.S. has authorized a number of offensive cyberstrikes against the Iranian military. The attacks were successful, but U.S. Cyber Command is confident that Iran isn’t taking this lying down. They’ve detected a number of major security breaches in Microsoft Outlook — and have fingered Iran as the culprit!
We’ve gone over a number of patches that Microsoft has released to fix the security holes in its software and products, but Cyber Command doesn’t just plan on waiting around for people to update. They’re publicly urging anyone with a Windows computer to patch their system immediately. Otherwise, it might be at risk for collateral damage in the latest cyberwar.
Why is the Pentagon warning Americans to update their Windows machines?
United States Cyber Command has made no secret of its recent cyber offensives against the Iranian Revolutionary Guard Corps. What’s surprising everyone, however, is how public they’re being about Iran’s response to the tensions. USCC has issued an alert on Twitter warning users about a new threat to Windows computers that they claim can be sourced back to the Iranian military.
USCYBERCOM has discovered active malicious use of CVE-2017-11774 and recommends immediate #patching. Malware is currently delivered from: ‘hxxps://customermgmt.net/page/macrocosm’ #cybersecurity #infosec
— USCYBERCOM Malware Alert (@CNMF_VirusAlert) July 2, 2019
This threat takes advantage of a known security vulnerability found in Microsoft Outlook called “CVE-2017-11774.” This Outlook vulnerability can be exploited by malware disguised as an ordinary file or email attachment.
Once opened, the malicious file can infect the host computer and execute commands that could potentially wipe out data, steal information, and spread the malware even further.
Installing Microsoft’s patch is the surest way to protect yourself against the emerging threat. Thankfully, this patch isn’t new, and the vulnerability has been well known since at least 2017. Still, a massive number of computers have not been patched or updated, prompting the U.S. military to step in and urge consumers to secure their systems.
How can I protect my system from the Outlook exploit?
Once the patch is installed, a system is no longer vulnerable to the Outlook exploit. The update is available from Microsoft at this special download page. To determine which version of the patch you’ll need, you’ll have to look up which version of Outlook you have.
This can be done by clicking File inside Outlook, and then select Office Account or Help if the former isn’t visible. You’ll find which version and build number you’re using under Product Information. To see if you’re using the 32-bit or 64-bit version, select About Outlook.
For more information, you can check out Microsoft’s support article for Outlook here. If you have an older PC on Windows 8 or lower, they also have a tutorial about how to check which Outlook version you have on this page.
As scary as cyberwar can be, there’s no risk of personal harm provided you take the necessary steps to protect your computer. That and avoiding unfamiliar files or email attachments can go a long way in keeping your system safe, secure, and private.