Breaking News

EnGenius Launches Cloud-Lite Switch Series MSI Redefines Productivity and Versatility with Its New 144Hz Business Monitor Razer announces Kishi V3 Lineup PNY Unveils New DUO LINK V3 Flash Drive PlayStation Plus Game Catalog for June 2025

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Hackers Target Microsoft Office's Vulnerabilities

Hackers Target Microsoft Office's Vulnerabilities

Enterprise & IT Apr 15,2019 0

Cybercriminals have moved away from using Web-based vulnerabilities in favor of MS Office ones, according to Kaspersky.

Kaspersky researchers Boris Larin, Vlad Stolyarov, and Alexander Liskin have identified changes to the threat landscape in the last two years. They compared a distribution of attacked users by targeted platforms from the end of last year with one from just two years ago. They found that cybercriminals moved away from using Web-based vulnerabilities in favor of MS Office ones — but the extent of the change surprised even them: In the past few months, MS Office, with a more than 70% share of attacks, became the most targeted platform.

Starting last year, a bunch of zero-day exploits for MS Office began to pop up. These usually begin with targeted campaign but eventually go public and end up integrated into a malicious document builder. The turnaround time has shortened substantially, however. "For example, in the case of CVE-2017-11882, the first equation editor vulnerability our expert saw, a huge spam campaign started the same day the proof of concept was published. That’s true of other vulnerabilities as well — once a technical report for a vulnerability goes public, an exploit for it appears on the dark market in a matter of days. Bugs themselves have become much less complex, and sometimes a detailed write-up is all a cybercriminal needs to build a working exploit, " Kaspersky says.

A look at the most exploited vulnerabilities of 2018 shows that malware authors prefer simple, logical bugs, since they are reliable and work in every version of Word released in the past 17 years. And, most important, building an exploit for either one requires no advanced skills, because the equation editor binary didn’t have any of the modern protections and mitigations you’d expect from an application in 2018.

An interesting side note, none of the top most exploited vulnerabilities are in MS Office itself. Rather, the vulnerabilities exist in related components.

In 2018 alone, Kaspersky found multiple zero-day vulnerabilities exploited in the wild. Among them is CVE-2018-8174 (the Windows VBScript Engine Remote Code Execution Vulnerability). This vulnerability is especially interesting, because the exploit was found in a Word document, but the vulnerability is actually in Internet Explorer.

Tags: HackingmalwareCybersecurityKasperskymicrosoft office
Previous Post
Qualcomm Faces Apple In Critical San Diego Legal Battle
Next Post
Volkswagen 's ID. ROOMZZ Electric SUV Concept Launches in Shanghai

Related Posts

  • MSI has been hacked, be warned about where you download files

  • Hackers gain access to PS5 Debug Menu and show decrypted PS5 firmware files

  • HP Threat Research Shows Attackers Exploiting Zero‐Day Vulnerability Before Enterprises Can Patch

  • EA Gets hacked - 780GB of data and sourcecode stolen

  • European Supercomputers Researching Covid-19 Report Hacking Attacks

  • Intel and Microsoft Convert Malware to Images to Spot Threads Faster

  • Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

  • Microsoft Offers You $100,000 If You Can Hack the Linux-based Azure Sphere

Latest News

EnGenius Launches Cloud-Lite Switch Series
Enterprise & IT

EnGenius Launches Cloud-Lite Switch Series

MSI Redefines Productivity and Versatility with Its New 144Hz Business Monitor
Enterprise & IT

MSI Redefines Productivity and Versatility with Its New 144Hz Business Monitor

Razer announces Kishi V3 Lineup
Smartphones

Razer announces Kishi V3 Lineup

PNY Unveils New DUO LINK V3 Flash Drive
PC components

PNY Unveils New DUO LINK V3 Flash Drive

PlayStation Plus Game Catalog for June 2025
Gaming

PlayStation Plus Game Catalog for June 2025

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

Arctic Liquid Freezer III 420 - 360

Arctic Liquid Freezer III 420 - 360

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Soundpeats Pop Clip

Soundpeats Pop Clip

Crucial T705 2TB NVME White

Crucial T705 2TB NVME White

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Noctua NH-D15 G2

Noctua NH-D15 G2

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed