Legacy Microsoft Office Vulnerabilities Affect 547,000 Users

JAKARTA - According to its latest quarterly report, Kaspersky found that in Q2 2022 the number of exploits for vulnerabilities in Microsoft Office suites increased, accounting for 82% of the total number of exploits for various platforms and software, such as Adobe Flash, Android, Java, etc.

Kaspersky experts found that an exploit for the vulnerability tracked as CVE-2021-40444 was used to attack 5,000 people in Q2 2022, which is eight times more than in Q1 2022.

This zero-day vulnerability in the Internet Explorer MSHTML engine was first reported in September 2021. The engine is a system component used by Microsoft Office applications to handle web content. When exploited, it allows the remote execution of malicious code on the victim's computer.

According to Kaspersky telemetry data, CVE-2021-40444 was previously exploited during attacks against organizations in the research and development, energy and industry, financial and medical technology, and telecommunications and IT sectors.

“Because the vulnerability is fairly easy to use, we expect an increase in its exploits. Cybercriminals create malicious documents and convince their victims to open them through social engineering techniques. The Microsoft Office application then downloads and runs the malicious script,” said Alexander Kolesnikov, malware analyst at Kaspersky, in a statement received in Jakarta, Thursday, August 18.

According to Kolesnikov, in order to stay safe, it is imperative to install vendor patches, use security solutions capable of detecting exploitable vulnerabilities, and keep employees alert to modern cyberthreats.

Old versions of the Microsoft Office suite are an invitation to attackers

CVE-2018-0802 and CVE-2017-11882 were the leaders in terms of the total number of victims in Q2 2022, with a slight increase in Q1.

They were used to attack more than 487,000 users through older versions of the Microsoft Office suite of programs, which remain quite popular and are still a very attractive target for cybercriminals.

Taking advantage of these vulnerabilities, attackers usually distribute malicious documents that corrupt the memory of the Equation Editor component and run malicious code on the victim's computer.

The number of users affected by CVE-2017-0199 grew by 59% to over 60,000. If successfully exploited, this vulnerability allows attackers to take control of a victim's computer and view, modify, or delete data without their knowledge.