Older versions of Microsoft Office suite are an invitation for attackers.
August 16, 2022
New Kaspersky research shows Microsoft Office exploits increased during the second quarter. They accounted for 82% of the total number of exploits across different platforms. That includes Adobe Flash, Android, Java and more.
Old versions of applications remain the main targets for attackers. Corresponding vulnerabilities affected nearly 547,000 users in the last quarter.
Moreover, the number of users affected by the Microsoft MSHTML Remote Code Execution vulnerability, which was previously spotted in targeted attacks, increased eightfold. This zero-day vulnerability in Internet Explorer’s engine MSHTML was first reported last September. The engine is a system component that Microsoft Office applications use to handle web content. When exploited, it enables the remote execution of malicious code on victims’ computers.
Alexander Kolesnikov is a malware analyst at Kaspersky.
“What is common for the mentioned vulnerabilities is the possibility of making variations of the exploit to change the file structure,” he said. “It may help to bypass some protection systems other than our solution. For example, if such antivirus is installed on the device, and there is also no patch for Microsoft Office suite, then attackers can easily circumvent the security system and reach their goal. Also, these vulnerabilities are popular due to being simple in terms of exploitation and implementation. An attacker without deep technical knowledge is able to write an exploit for them.”
Kaspersky said older versions of Microsoft Office suite are an invitation for attackers. For instance, cybercriminals used two vulnerabilities to attack almost 487,000 users via older versions of Microsoft Office suite programs. Those programs remain popular and are still a highly attractive target for criminals. Exploiting these vulnerabilities, attackers typically distributed malicious documents that corrupted the memory of the Equation Editor component and ran malicious code on the victim’s computer.
Another vulnerability affected more than 60,000 users. If exploited successfully, this vulnerability enables attackers to control a victim’s computer, and view, change or delete data without their knowledge.
“All of the mentioned vulnerabilities were found in consequence of a targeted attack,” Kolesnikov said. “An exploit file was discovered either from the victims’ computer or on VirusTotal. After that, these vulnerabilities went popular for a wide range of purposes and became workhorses for attackers. For instance, now they are used to spread miners or ransomware, or even for targeted attacks as well.”
Attackers will definitely use these vulnerabilities this quarter and beyond, Kolesnikov said.
“Despite the fact that some of them date back to 2017-2018, they are still used in new attacks,” he said. “The reason is simple. Phishing accounts for a large share of attacks on companies, with documents being the most convenient way to infect a device. If a new, similar vulnerability appears, it will also quickly become popular among attackers.”
To prevent attacks via Microsoft Office vulnerabilities, Kaspersky researchers recommend implementing the following measures:
Provide your security operations center (SOC) team with access to the latest threat intelligence (TI).
Receive relevant and up-to-date information on threats to be aware of and the tactics, techniques and procedures (TTPs) used by attackers.
Use a security solution that provides vulnerability management components. Also, EDR and MDR can help detect and prevent attacks at an early stage.