Kaspersky has identified a number of recent cases of threat actors exploiting a years-old Microsoft Office vulnerability, targeting both individuals and companies alike.
According to the researchers, 11,394 users had encountered attacks leveraging the CVE-2017-11882 vulnerability during the second quarter of 2023, an increase of 483% compared with the three months before during which there were 1,954 cases.
Despite transitioning to a largely subscription-based model several years ago, Kaspersky acknowledges that older versions of Microsoft office software remain popular, urging users to stay on top of their cybersecurity.
Attackers exploiting old Office vulnerability
The now-patched issue affects Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016. Kaspersky says:
“This vulnerability allows attackers to exploit the equation editor in Microsoft Office documents, enabling them to execute malicious code on the targeted device.”
In essence, an attacker is able to install malware onto a victim’s device without them knowing.
While interest in that vulnerability in particular have spiked in recent months, attackers continue to exploit old vulnerabilities across the board. More than 130,000 attacked users have been tracked in relation to CVE-2018-0802.
CVE-2010-2568, CVE-2017-0199, and CVE-2011-0105 have also proven popular among attackers, each accounting for thousands of attacks.
Kaspersky Malware Analyst Team Lead Alexander Kolesnikov said: “Attackers have indeed started using this exploit again,” stressing the fact that “It is no less important to install software updates and patches on time.”
In fact, that is the company’s first recommendation for those looking to reduce their risk of attack. More generally, users are being advised to check for mistakes and irregularities in URLs and other message content and to use suitable endpoint protection software.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba