RC RANDOM CHAOS

ThreatsDay: Defender 0-day, SonicWall brute-force campaign, 17-year-old Excel RCE surface

via The Hacker News

Original source: ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories (The Hacker News)

A cluster of active threats hit simultaneously this week. A zero-day in Microsoft Defender is being exploited in the wild, while SonicWall appliances face a coordinated brute-force campaign targeting exposed management interfaces. Most notable among the legacy issues: a remote code execution path in Excel traced back 17 years, still viable against unpatched installations.

The bulletin aggregates 18 distinct threat items, spanning endpoint defense bypass, perimeter device abuse, and deep-rooted Office parser flaws. The Defender 0-day is particularly concerning given Defender's role as a last line of detection on Windows endpoints: a bypass here blinds many organizations’ primary EDR signal. The SonicWall brute-force activity suggests attackers are systematically harvesting credentials from devices that often sit on the network edge with weak lockout policies.

The 17-year Excel RCE underscores a recurring pattern: parser code written before modern memory safety practices continues to surface exploitable bugs long after the features themselves are forgotten. Organizations running older Office versions or failing to apply cumulative updates remain exposed to exploitation chains that predate most of their current security stack.

This is an AI-generated summary. Read the original for the full story.