New Microsoft Office Vulnerabilities
Spam campaigns delivering Zyklon HTTP malware are attempting to exploit three relatively new Microsoft Office vulnerabilities. The attacks are targeting telecommunications, insurance and financial service firms.
Researchers said attacks begin with spam campaigns delivering malicious ZIP archives that contain one of several types of DOC files that ultimately exploit one of the three Microsoft Office vulnerabilities.
In the meantime, the vulnerability was, in fact, being exploited. According to Gartner research, the vast majority of vulnerabilities are exploited within about two weeks, or not at all. The first attacks, which came in late January, seemed to target military and political figures in Ukraine and Russia, and the nature of the attacks suggested that they were state sponsored. Further attacks using the exploit were detected by multiple cybersecurity firms over the next few months, and on April 9, 2017, a program exploiting the vulnerability was found being sold on the dark web. The next day, malware using the exploit was sent to millions of computers in Australia.
Organizations that also rely on relevant and timely threat intelligence coming from third parties will have a better chance of responding to critical vulnerabilities quickly enough to reduce risk of exploitation.
Check Point Research (CPR) urges Windows users to update their software, after discovering four security vulnerabilities that affect products in the Microsoft Office suite, including Excel and Office online. Rooted in legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook.
Check Point Research (CPR) identified four security vulnerabilities affecting products in the Microsoft Office suite, including Excel and Office online. If exploited, the vulnerabilities would grant an attacker the ability to execute code on targets via malicious Office documents, such as Word (.DOCX), Excel (.XLS) and Outlook (.EML). The vulnerabilities are the result of parsing mistakes made in legacy code found in Excel95 File Formats, giving researchers reason to believe that the security flaws have existed for several years.
In 2018, criminals used three different vulnerabilities in Microsoft 365, involving the download of infected Word files, to spread the Zyklon malware. Even at the bargain price of $75, the malware could be used for a wide range of attacks. It can steal credentials, spread malware, mine cryptocurrency and launch distributed denial-of-service attacks.
Instead of switching products, which likely will have minimal positive effects, organizations should focus on reducing risks and vulnerabilities across the board, regardless of the vehicle criminals use to spread malicious files. By instead focusing on employee training and creating a culture of cybersecurity, organizations can reduce the odds that an employee will fall for a phishing scheme.
U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities assess, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.
Three of the top 15 routinely exploited vulnerabilities were also routinely exploited in 2020: CVE-2020-1472, CVE-2018-13379, and CVE-2019-11510. Their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.
In addition to the 15 vulnerabilities listed in table 1, U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities identified vulnerabilities, listed in table 2, that were also routinely exploited by malicious cyber actors in 2021.
These vulnerabilities include multiple vulnerabilities affecting internet-facing systems, including Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure. Three of these vulnerabilities were also routinely exploited in 2020: CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882.
Palo Alto Networks Unit 42 threat researchers have been credited with discovering 27 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC), as part of its last nine months of security update releases.
Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android and other ecosystems, with more than 200 critical vulnerabilities discovered. Our researchers give regular talks at security conferences such as BlueHat and Black Hat.
By proactively identifying these vulnerabilities, developing protections for our customers and sharing the information with the security community, we are removing weapons used by attackers to threaten users and compromise enterprise, government and service provider networks.
It's becoming the rule rather than the exception that Microsoft's Patch Tuesday security update brings bad news for Windows users in the form of actively exploited zero-day vulnerabilities. And good news that patches are available, of course. The November update does not disappoint in either regard, with no less than four new Windows zero-day attacks and fixes confirmed.
The latest Patch Tuesday security update provides security patches for no less than 68 vulnerabilities, of which 11 are rated as critical in nature. What's more, six are actively exploited zero-days; the additional two covering the Exchange Server CVE-2022-41040 and CVE-2022-41082 state-sponsored ProxyNotShell attacks I reported on last month. "It took Microsoft more than two months to provide the patch, even though the company admitted that ProxyNotShell actively exploited the vulnerabilities in targeted attacks against at least 10 large organizations," Mike Walters, vice president of vulnerability and threat research at Action1, says. "It is good news that an official patch is available now," Walters concludes, "installing it promptly is highly advisable."
Microsoft says it has found no attacks attempting to exploit the reported Office vulnerabilities, but it is continuing to investigate.
Microsoft is investigating public reports of vulnerabilities in Microsoft Office.
Reports of several new security holes in Microsoft Office have been made public on known exploit sites. The company did not release specific information about the vulnerabilities, citing potential risk to users.
"Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time," said a spokesperson for the company, based in Redmond, Wash. "Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary."
Postings about the vulnerabilities indicate that exploitation could lead to a program crash or the execution of arbitrary code.
Amol Sarwate, manager of vulnerability research at Qualys, a provider of on-demand security risk and compliance management solutions, based in Redwood Shores, Calif., said the widespread use of Microsoft Word makes the vulnerabilities even more threatening.
"Considering the prevalence of Microsoft Word, the fact that these vulnerabilities target unsuspecting users and also the consequence - total compromise of the system - I would say these vulnerabilities are very serious," Sarwate said. "In addition, zero-day targeted attacks - for CVE-2007-0870 - have amplified the need for a patch."
However, Sarwate added it is important to differentiate between proof-of-concept code and exploit code.
"When POC - zero-day - code exists, it does raise the concern, but does not necessarily mean that exploit code will be released or that people will be exploited," he said.
Copyright 2007 by Ziff Davis Media, Distributed by United Press International
Citation: MS Word Vulnerabilities Reported on Exploit Sites (2007, April 11) retrieved 9 February 2023 from -04-ms-word-vulnerabilities-exploit-sites.html
This security update contains the following: MacOS Release Notes, Office Click-2-Run and Office 365 Release Notes, KB5002057, KB5002119, KB5002116, KB5002122, KB5002064, KB5002124, KB4462205, KB5002128, KB5002060, KB5002115, KB5002052, KB5002114, KB5002107.
QID Detection Logic (Authenticated): MacOS
This QID looks for the vulnerable version of the apps Microsoft Excel, Microsoft Word, Microsoft PowerPoint, and Microsoft Outlook installed on MacOS.
QID Detection Logic (Authenticated): Windows
This QID looks for registry keys HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot, HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\InstallRoot, HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot, HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\InstallRoot while checking for files "stslist.dll" and "Graph.exe". For MS Excel, it checks for registry keys HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot, HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\InstallRoot and looks for file "winword.exe", "excel.exe". Apart from these registry keys and files, the QID scans files named acecore.dll and mso.dll to check for vulnerable versions.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
Consequence
Successful exploitation allows an attacker to execute code remotely.
Solution
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches: The following are links for downloading patches to fix these vulnerabilities: Microsoft office January 2022