• Home
  • Apps
  • Apps News
  • Microsoft Office Gets Patched for 4 Vulnerabilities That Could Impact User Security: Check Point Research

Microsoft Office Gets Patched for 4 Vulnerabilities That Could Impact User Security: Check Point Research

Check Point Research said the issues existed in the MSGraph component that is a part of almost all Microsoft Office products.

Microsoft Office Gets Patched for 4 Vulnerabilities That Could Impact User Security: Check Point Research

Photo Credit: Reuters

Microsoft has just patched the last vulnerability

Highlights
  • Microsoft Office was found to have the four vulnerabilities
  • Three of them were fixed last month
  • Microsoft Office users could be targeted through a malicious document
Advertisement

Microsoft has patched as many as four vulnerabilities in its Office suite that includes Word, Excel, PowerPoint, Outlook as well as Office Web, Check Point Research said on Tuesday. These vulnerabilities could allow an attacker to impact users through malicious Office documents. The cybersecurity firm identified the security loopholes using an automated software technique called “fuzzing” and reported them to Microsoft in February. While three of the vulnerabilities were fixed last month, the company was able to patch the last one earlier on Tuesday. Users are recommended to update the Microsoft Office suite on their desktops and laptops.

Check Point Research said that the loopholes existed in the MSGraph component that is a part of Microsoft Office products including Word, Outlook, PowerPoint, and Excel, among others. The code that the researchers examined and found to be impacted by the vulnerabilities existed since at least the Office 2003 release launched in August 2003.

“To our knowledge, this component has not received too much attention from the security community until now, making it a fertile ground for bugs,” the Check Point Research noted in a blog post.

The researchers used the “fuzzing” technique to exploit the vulnerabilities using automated software. By using the technique, it was found that most of the Microsoft Office products were vulnerable to attacks using malicious code. This could be delivered to users through a specially crafted Word document in .docx format, Outlook Email in .eml, or an Excel spreadsheet in the .xls format.

“We learned that the vulnerabilities are due to parsing mistakes made in legacy code,” said Yaniv Balmas, Head of Cyber Research at Check Point Software, in a prepared statement. One of the primary learnings from our research is that legacy code continues to be a weak link in the security chain, especially in complex software like Microsoft Office.”

The researchers noted that there could be multiple attack vectors, and the simplest one would be when a victim downloads a malicious .xls file.

Check Point Research said that it disclosed the four vulnerabilities to Microsoft on February 28. Three of these that are classified as CVE-2021-31174, CVE-2021-31178, and CVE-2021-31179 were patched by the software giant on May 11, whereas the last one that is identified as CVE-2021-31939 was fixed on Tuesday.

The researchers at Check Point Research believe that while Microsoft has fixed the four vulnerabilities, there could be some others that may impact users. It is, therefore, recommended to install the latest Microsoft Office suite. Windows 10 users can specifically install the update by going to Settings > Update & security > Windows Update.


Interested in cryptocurrency? We discuss all things crypto with WazirX CEO Nischal Shetty and WeekendInvesting founder Alok Jain on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Pixel June 2021 Feature Drop Brings Astrophotography in Night Sight, Locked Folder in Google Photos, More
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »