Microsoft Office Gets Patched for 4 Vulnerabilities That Could Impact User Security: Check Point Research
Microsoft Corporation is a Redmond, Washington-based multinational technology company. It creates, manufactures, licenses, supports, and sells computer software, consumer electronics, and personal computers, as well as related services. The Microsoft Windows line of operating systems, the Microsoft Office suite, and the Internet Explorer and Edge web browsers are among its most well-known software products. The Xbox video game consoles and the Microsoft Surface lineup of touchscreen personal computers are its flagship hardware products. Microsoft was ranked No. 21 in the 2020 Fortune 500 list of the largest corporations in the United States based on total revenue.
Microsoft Office, also known as simply Office, is a collection of client software, server software, and services created by Microsoft. Bill Gates first announced it on August 1, 1988, at COMDEX in Las Vegas. The first version of Office was a marketing term for an office suite (a bundled set of productivity applications), and it included Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. Office applications have grown significantly closer over time, with shared features such as a common spell checker, OLE data integration, and the Visual Basic for Applications scripting language.
The Vulnerabilities Found
Microsoft has fixed up to four vulnerabilities in its Office suite, which includes Word, Excel, PowerPoint, Outlook, and Office Web, according to Check Point Research on Tuesday. These flaws could allow an attacker to infect users via malicious Office documents. The security flaws were discovered by the cybersecurity firm in February using an automated software approach known as “fuzzing,” and they were reported to Microsoft. While three of the vulnerabilities were patched earlier this month, the organization was able to patch the final one earlier on Tuesday. It is advised that users upgrade the Microsoft Office suite on their desktops and laptops.
Check Point Research revealed that the flaws were in MSGraph, a component that is part of Microsoft Office products including Word, Outlook, PowerPoint, and Excel. The code that the researchers investigated and discovered to be vulnerable has existed since at least the Office 2003 release in August 2003.
“To our knowledge, this component has not received too much attention from the security community until now, making it a fertile ground for bugs,” Check Point Research mentioned in a blog post.
Source: research.checkpoint.com
The researchers used the “fuzzing” method, an automated software approach, to uncover the vulnerabilities. Using the method, the majority of Microsoft Office products were found to be vulnerable to malicious code attacks. The malicious code can be delivered to the user by means of a specially crafted Excel spreadsheet in .xls format, a Word document in .docx format, or an Outlook e-mail.
“We learned that the vulnerabilities are due to parsing mistakes made in legacy code,” Check Point Software’s Head of Cyber Research, Yaniv Balmas, said in a prepared statement. “One of the primary learnings from our research is that legacy code continues to be a weak link in the security chain, especially in complex software like Microsoft Office.”
The researchers pointed out that there could be multiple attack vectors, with the most basic being when a victim downloads a malicious .xls file. Check Point Research stated that the four vulnerabilities were disclosed to Microsoft on February 28. Three of these, CVE-2021-31174, CVE-2021-31178, and CVE-2021-31179, were patched by the software giant on May 11, while the fourth, CVE-2021-31939, was fixed on Tuesday.
Check Point Research researchers believe that, while Microsoft has fixed the four vulnerabilities, there may be others that affect users. It is therefore advised to install the most recent Microsoft Office suite. Users of Windows 10 can install the update by going to Settings > Update & security > Windows Update.