
    Critical Microsoft Office Products Flaw Lets Attackers Weaponize Word


    Researchers from Check Point revealed security vulnerabilities in the Microsoft Office suite that could permit attackers to craft weaponized Word and Excel documents.

    Analysis of Vulnerabilities in Microsoft Office Component

    For the analysis, the experts used fuzzing techniques to test the MSGraph COM component (MSGraph.Chart.8, GRAPH.EXE), a component that has been included in the suite since Office 2003 or earlier.

    MSGraph is a component that can be embedded inside many Microsoft Office products such as Word, Outlook, PowerPoint, etc., and is used to display graphs and charts. In terms of the attack surface, MSGraph is quite similar to Microsoft Equation Editor 3.0.
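
    Because the component is reached through an embedded object, a defender triaging incoming documents can check whether a file declares one. The script below is an added example, not code from Check Point or this article; it assumes the embedded object is declared under the ProgID MSGraph.Chart.8 named above, and the helper names and the sample document are constructed for illustration.

```python
import io
import re
import zipfile

# ProgID the article gives for the MSGraph COM component.
PROGID = "MSGraph.Chart.8"
# OOXML parts declare embedded OLE objects with a ProgID/progId attribute.
OLE_PROGID_RE = re.compile(rb'<[\w:]*OLEObject\b[^>]*?\bProgID="([^"]+)"', re.I)

def _raw_hit(blob: bytes) -> bool:
    """True if the ProgID appears as ANSI or UTF-16LE text in raw bytes."""
    low = blob.lower()
    return (PROGID.lower().encode("ascii") in low
            or PROGID.lower().encode("utf-16-le") in low)

def find_msgraph_embeds(data: bytes) -> list[str]:
    """Return findings for one document's bytes (OOXML, legacy OLE2 or RTF)."""
    findings = []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                part = zf.read(name)
                if name.endswith((".xml", ".vml")):
                    for m in OLE_PROGID_RE.finditer(part):
                        if m.group(1).decode("latin-1").lower() == PROGID.lower():
                            findings.append(f"{name}: OLEObject ProgID={PROGID}")
                elif _raw_hit(part):
                    findings.append(f"{name}: embedded binary names {PROGID}")
    elif _raw_hit(data):
        findings.append(f"raw: legacy/RTF content names {PROGID}")
    return findings

def build_sample_docx(progid: str) -> bytes:
    """Constructed sample: a minimal zip with one OLEObject declaration."""
    xml = (f'<w:document><w:object><o:OLEObject Type="Embed" '
           f'ProgID="{progid}" r:id="rId5"/></w:object></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", xml)
        zf.writestr("word/embeddings/oleObject1.bin", b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    for label, pid in (("graph", PROGID), ("other", "Excel.Sheet.12")):
        print(label, find_msgraph_embeds(build_sample_docx(pid)))
```

    A hit only shows that the document would load this component; it is a triage signal for patch status and closer inspection, not a verdict on the file.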

    Check Point experts mention that “MSGraph is quite similar to Microsoft Equation Editor 3.0. However, unlike Microsoft Equation Editor, MSGraph is still updated in every Office patch and receives the latest mitigations (such as ASLR and DEP), which makes successful exploitation harder. We later found that this attack surface also applies to other Microsoft Office products, including Excel and Office Online, that share the same code.”

    The experts therefore identified the vulnerable function inside MSGraph that is commonly used across multiple different MS Office products, such as Excel (EXCEL.EXE), Office Online Server (EXCELCNV.EXE), and Excel for OSX.

    “We found through code similarity checks that the vulnerable function is commonly used across multiple different Microsoft Office products, such as Excel (EXCEL.EXE), Office Online Server (EXCELCNV.EXE), and Excel for OSX. We successfully reproduced some of the bugs in these products”, say the researchers from Check Point.

    4 Vulnerabilities Disclosed

    Fixes Available

    Microsoft fixed CVE-2021-31174, CVE-2021-31178 and CVE-2021-31179 in the May 2021 Patch Tuesday release. CVE-2021-31939 is expected to be fixed in June 2021.

    The research was done on a single component of Microsoft Office and found many vulnerabilities that affect multiple products in this ecosystem.

    As a result, a set of files can be embedded in various ways to potentially exploit different Office products across multiple platforms, the report concludes.
