Microsoft Office Gets Patched for 4 Vulnerabilities That Could Impact User Security: Check Point Research

Must read

How to disable and delete Samsung Pay from your Galaxy phone

When it comes to paying conveniently, Samsung Pay makes using your phone as a bank card an easy process; however, there may come...

New Nest and Google Wifi M89 update rolling out

Google is in the process of rolling out the “M89” update for the Nest and Google Wifi. There are several user-facing additions, as...
Bhawani Singh
I am a blogger who believes in delivering latest tech news from around the world to my viewers.

Microsoft has patched as many as four vulnerabilities in its Office suite that includes Word, Excel, PowerPoint, Outlook as well as Office Web, Check Point Research said on Tuesday. These vulnerabilities could allow an attacker to impact users through malicious Office documents. The cybersecurity firm identified the security loopholes using an automated software technique called “fuzzing” and reported them to Microsoft in February. While three of the vulnerabilities were fixed last month, the company was able to patch the last one earlier on Tuesday. Users are recommended to update the Microsoft Office suite on their desktops and laptops.

Check Point Research said that the loopholes existed in the MSGraph component that is a part of Microsoft Office products including Word, Outlook, PowerPoint, and Excel, among others. The code that the researchers examined and found to be impacted by the vulnerabilities existed since at least the Office 2003 release launched in August 2003.

“To our knowledge, this component has not received too much attention from the security community until now, making it a fertile ground for bugs,” the Check Point Research noted in a blog post.

The researchers used the “fuzzing” technique to exploit the vulnerabilities using automated software. By using the technique, it was found that most of the Microsoft Office products were vulnerable to attacks using malicious code. This could be delivered to users through a specially crafted Word document in .docx format, Outlook Email in .eml, or an Excel spreadsheet in the .xls format.

“We learned that the vulnerabilities are due to parsing mistakes made in legacy code,” said Yaniv Balmas, Head of Cyber Research at Check Point Software, in a prepared statement. One of the primary learnings from our research is that legacy code continues to be a weak link in the security chain, especially in complex software like Microsoft Office.”

The researchers noted that there could be multiple attack vectors, and the simplest one would be when a victim downloads a malicious .xls file.

Check Point Research said that it disclosed the four vulnerabilities to Microsoft on February 28. Three of these that are classified as CVE-2021-31174, CVE-2021-31178, and CVE-2021-31179 were patched by the software giant on May 11, whereas the last one that is identified as CVE-2021-31939 was fixed on Tuesday.

The researchers at Check Point Research believe that while Microsoft has fixed the four vulnerabilities, there could be some others that may impact users. It is, therefore, recommended to install the latest Microsoft Office suite. Windows 10 users can specifically install the update by going to Settings > Update & security > Windows Update.

Interested in cryptocurrency? We discuss all things crypto with WazirX CEO Nischal Shetty and WeekendInvesting founder Alok Jain on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.

Source link

More articles

Leave a Reply

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

- Advertisement -

Latest article

iPhone 13 Decked With Meteorite Fragments: Luxury Brand Caviar Unveils ‘Parade of the Planets’ Customisations

Caviar, known for creating customised, luxury versions of smartphones, has unveiled the first look of its new lineup for iPhone. The company plans...

Windows 11 will run the Android apps you want (from the app store you don’t)

Microsoft is announcing the next generation of Windows today, complete with an all-new look and feel to its interface. There are a ton...

When Som won us over with his style

Bigg Boss Tamil fame Som aka SomShekhar has a casual but on-point style game. Let's take a look at some of his popular...

NASA Chandra Shares Image Of Supernova 2005V Spotted In Dusty Starburst Galaxy!

The National Aeronautics and Space Administration (NASA) recently shared an image of a sparkling supernova located near the bright central region...

EE to reintroduce Europe roaming charges in January

The mobile operator EE is to charge new customers to use their phones in Europe. Source link
- Advertisement -