One of Microsoft’s most popular products, the Office suite is widely used by both regular users and the corporate world — which until recently were subject to 4 serious security flaws. Discovered by Check Point Security, and now fixed by the Seattle company, they allowed the execution of remote codes hidden in documents that looked legitimate.
According to the security company, the vulnerabilities make it possible for malicious documents such as Word (.DOCX), Excel (.EXE) and Outlook (.EML) to be used by criminals to initiate remote code execution. They originated in old code in Excel95 file formats, an element that makes researchers believe they have been around for years.
Failures affect the entire Office ecosystem
“The vulnerabilities found affect almost the entire Microsoft Office ecosystem. It is possible to carry out this type of attack on virtually any Office software, including Word, Outlook and others,” explains Yaniv Balmas, head of cyber research at Check Point Security. “I strongly recommend Windows users to immediately update their software, as there are numerous attack vectors that can be used by criminals,” he warns.
CheckPoint Security explains that the vulnerabilities were discovered in MSGraph, a system built into Office for displaying graphs and tables. Using a method known as fuzzing (which automates software testing), the company found flaws in different products, both Windows and OSX versions.
According to the company, all failures were reported to Microsoft before their public disclosure. She also says that a security update related to the case was released on Tuesday (8) and should be installed as soon as possible by all users of the productivity-focused suite of applications — click here to find out how to check if an update is available .
The post Office bugs allowed using fake files to execute remote code appeared first on CmaTrends.