Microsoft Office Gets Patched for 4 Vulnerabilities That Could Impact User Security: Check Point Research

Must read

Pixel 6 and 6 Pro to get new ‘Motif’ wallpapers [Gallery]

As the launch event for the Pixel 6 and 6 Pro grows nearer, Google continues to put finishing touches on the user experience....

Best Samsung Galaxy Z Flip 3 wireless chargers 2021

Best Samsung Galaxy Z Flip 3 wireless chargers Android Central 2021 The Samsung Galaxy Z Flip 3 is a slick little number, but its compact size and...

Forspoken release date, trailers, news and rumors

Forspoken is the name of the new action RPG from Square Enix formerly known as ‘Project Athia’ coming exclusively to PS5 and PC...
Bhawani Singh
I am a blogger who believes in delivering latest tech news from around the world to my viewers.

Microsoft has patched as many as four vulnerabilities in its Office suite that includes Word, Excel, PowerPoint, Outlook as well as Office Web, Check Point Research said on Tuesday. These vulnerabilities could allow an attacker to impact users through malicious Office documents. The cybersecurity firm identified the security loopholes using an automated software technique called “fuzzing” and reported them to Microsoft in February. While three of the vulnerabilities were fixed last month, the company was able to patch the last one earlier on Tuesday. Users are recommended to update the Microsoft Office suite on their desktops and laptops.

Check Point Research said that the loopholes existed in the MSGraph component that is a part of Microsoft Office products including Word, Outlook, PowerPoint, and Excel, among others. The code that the researchers examined and found to be impacted by the vulnerabilities existed since at least the Office 2003 release launched in August 2003.

“To our knowledge, this component has not received too much attention from the security community until now, making it a fertile ground for bugs,” the Check Point Research noted in a blog post.

The researchers used the “fuzzing” technique to exploit the vulnerabilities using automated software. By using the technique, it was found that most of the Microsoft Office products were vulnerable to attacks using malicious code. This could be delivered to users through a specially crafted Word document in .docx format, Outlook Email in .eml, or an Excel spreadsheet in the .xls format.

“We learned that the vulnerabilities are due to parsing mistakes made in legacy code,” said Yaniv Balmas, Head of Cyber Research at Check Point Software, in a prepared statement. One of the primary learnings from our research is that legacy code continues to be a weak link in the security chain, especially in complex software like Microsoft Office.”

The researchers noted that there could be multiple attack vectors, and the simplest one would be when a victim downloads a malicious .xls file.

Check Point Research said that it disclosed the four vulnerabilities to Microsoft on February 28. Three of these that are classified as CVE-2021-31174, CVE-2021-31178, and CVE-2021-31179 were patched by the software giant on May 11, whereas the last one that is identified as CVE-2021-31939 was fixed on Tuesday.

The researchers at Check Point Research believe that while Microsoft has fixed the four vulnerabilities, there could be some others that may impact users. It is, therefore, recommended to install the latest Microsoft Office suite. Windows 10 users can specifically install the update by going to Settings > Update & security > Windows Update.

Interested in cryptocurrency? We discuss all things crypto with WazirX CEO Nischal Shetty and WeekendInvesting founder Alok Jain on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.

Source link

More articles

Leave a Reply

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

- Advertisement -

Latest article

YouTube Music to go audio-only for non-premium users

YouTube Music is soon going audio-only for free users and will no longer play music videos alongside the audio. The platform recently announced...

British entrepreneur sells company to Twitter

Nick D'Aloisio previously sold an app to Yahoo when he was only 17 years old. Source link

Assassin’s Creed Valhalla’s next expansion could take a leaf from God of War: Ragnarok

Assassin's Creed Valhalla's third expansion is on the way, and while we know little official information on the project, a well-known dataminer has...

Windows 11 Beta Testers Can Now Download Android Apps Through Microsoft Store

Windows 11 beta testers can now install Android apps on their systems directly through the Microsoft Store. The new experience comes months after...
- Advertisement -