US Cyber Command warns nation-state hackers are exploiting old Microsoft Outlook bug. Make sure you’re patched!

US Cyber Command has issued a warning about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook.

The alert, posted on Twitter, refers to CVE-2017-11774, a vulnerability in Outlook that if exploited could allow an attacker to bypass security features and execute arbitrary commands on targeted Windows computers.

Microsoft issued a patch for the vulnerability in October 2017, but the security hole has since continued to be used by the Iranian-backed APT33 (also known as Elfin) hacking group.

Read More on Hot for Security