Microsoft Office lets hackers execute arbitrary code, update now
Cisco Talos cybersecurity researchers recently discovered a very serious vulnerability in Microsoft Office that could allow potential threat actors to remotely execute malicious code on the target endpoint.
The office software developer announced the news in a brief blog post published earlier this week, saying its researcher Marcin “Icewall” Noga discovered a class attribute double-free vulnerability affecting Microsoft Excel.
By executing a weaponized Excel file, the victim would allow the attacker to execute arbitrary code on their device. The vulnerability is now tracked as CVE-2022-41106, and details are scarce.
What we do know is that Microsoft has been notified and has already provided a patch. Excel users are advised to update their software to version 2207 build 15427.20210 and version 2202 build 14931.20660.
Aimed at office workers
Microsoft’s productivity suite remains one of the most popular attack vectors among cybercriminals. Until recently, Office documents containing malicious macros, distributed via email, were the most popular way of getting office workers to download and run malware on their computers, opening the door for more destructive cyberattacks such as ransomware or identity theft.
More recently, Microsoft decided to prevent the software from executing macros on files downloaded from the Internet, as opposed to the trusted, local network.
That prompted cybercriminals to move away from macros and towards Windows shortcut (.lnk) files that are now commonly used to sideload malicious .dlls and other types of malware.
Regardless of the security measures put in place by software makers and companies, one truth remains: the employees are still the weakest link in the cybersecurity chain. Unless they are educated and trained to stop cyber-attacks, scammers will always find a way to trick them into downloading and running malware.
In addition, ensuring staff are not overworked and distracted can also help improve any company’s cybersecurity posture.