The threat intelligence division of cybersecurity company Check Point has identified four security vulnerabilities that have affected different Microsoft Office products, including Excel and Office Online. As highlighted by the company, they were the result of parsing errors in legacy code for the Excel95 file formats, which is why the security flaws are believed to have existed for several years.
“We have found them through a technique called ‘fuzzing’, which consists of taking a program and inserting data in a random and systematic way to see where it can be attacked,” explains Eusebio Nieva, technical director of Check Point in Spain and Portugal. “Thanks to this, we discovered that one of the Office components (MSGraph), which, moreover, has not been updated for a long time, could be used to infect with malicious code if certain types of data were put into it so that it could make mistakes,” adds the expert.
Similar code checks confirmed that the vulnerable feature was commonly used in various Microsoft Office products, such as Excel, Office Online Server and Excel for OSX. The vulnerabilities found can be embedded in most known Office documents, so there are multiple attack vectors, although the simplest is a malicious Excel file distributed via a download link or an email.
Since the entire Office suite has the ability to embed Excel files, the attack vector is expanded, making it possible to carry out such an attack in almost any Office software, including Word, Outlook, and others. Upon detection of the bug, Check Point reported the results of its investigation to Microsoft, and the company patched the security vulnerabilities, releasing four system patches. The fourth arrived just yesterday, June 8. In any case, the cybersecurity firm highlights the importance of keeping software up to date to avoid risks.