Cybersecurity firm Check Point Research has urged Microsoft Office users to update their software immediately after four security flaws were discovered that allowed attackers to take control of a computer, access information, and install ransomware. The security flaws have been identified as CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 and CVE-2021-31939.
Microsoft has since released a patch for the Office suite that fixes the four security flaws, which were found across Microsoft Word, Excel, PowerPoint and Office Web. The weaknesses were reportedly found in an application present in MS Graph, a Microsoft Office program.
Discovering the vulnerability
Check Point Research found the flaws by “fuzzing” MSGraph, which is used to display charts and graphs within the Microsoft Office suite. Fuzzing is an automated software testing technique used to find exploitable software bugs by randomly feeding invalid and unexpected data inputs into a computer program. This is done to find coding errors and security loopholes.
Update Windows and Microsoft Office to remain protected
To make sure that you are not affected by the security vulnerabilities, it is important that you update to the latest version of Windows and Microsoft Office. Users can do that by heading over to the Update & Security page in Windows settings and enabling Automatic updates.
“The vulnerabilities found affect almost the entire Microsoft Office ecosystem. It’s possible to execute such an attack on almost any Office software, including Word, Outlook and others. We learned that the vulnerabilities are due to parsing mistakes made in legacy code,” Yaniv Balmas, Head of Cyber Research at Check Point Software, said.
“One of the primary learnings from our research is that legacy code continues to be a weak link in the security chain, especially in complex software like Microsoft Office. Even though we found only four vulnerabilities on the attack surface in our research, one can never tell how many more vulnerabilities like these are still lying around waiting to be found. I strongly urge Windows users to update their software immediately, as there are numerous attack vectors possible by an attacker who triggers the vulnerabilities that we found,” Balmas adds.