Cybersecurity researchers from Cisco Talos recently discovered a high-severity vulnerability in Microsoft Office that would allow potential threat actors to remotely execute malicious code on the target endpoint.
Announcing the news in a short blog post published earlier this week, the office software developer said its researcher Marcin ‘Icewall’ Noga uncovered a class attribute double-free vulnerability affecting Microsoft Excel.
By running a weaponized Excel file, the victim would allow the attacker to execute arbitrary code on their device. The vulnerability is now being tracked as CVE-2022-41106, and other than that, details are scarce.
What we do know is that Microsoft was notified and has already provided a patch. Excel users are advised to update their software to version 2207 build 15427.20210 and version 2202 build 14931.20660.
Targeting office workers
Microsoft’s productivity suite continues to be one of the most popular attack vectors among cybercriminals. Up until recently, Office documents with malicious macros, distributed via email, were the most popular way to have office workers download and run malware on their computers, opening up the doors to more destructive cyberattacks such as ransomware or identity theft.
More recently, Microsoft decided to prevent the software from running macros at all, in files downloaded from the internet, as opposed to the trusted, local network.
That prompted cybercriminals to move away from macros and into Windows shortcut files (.lnk) which are now widely used to side-load malicious .dlls, and other kinds of malware.
Regardless of the security measures implemented by software makers and companies, one truth remains – the employees are still the weakest link in the cybersecurity chain. Unless they are educated and trained to stop cyberattacks, crooks will always find a way to trick them into downloading and running malware.
Besides this, making sure the staff isn’t overworked and distracted can also help improve the cybersecurity posture of any company.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba