Kaspersky: 70 percent of attacks in 2018 were aimed at vulnerabilities in MS Office

Microsoft Office products are a top target for hackers today, according to data compiled by Kaspersky Lab. In its presentation at the Security Analyst Summit conference, the company said that about 70% of the attacks that its products detected in Q4 2018 attempted to exploit Microsoft Office vulnerabilities. That's more than four times the percentage that Kaspersky saw two years ago in Q4 2016, when Office vulnerabilities accounted for a modest 16%.

At the same time, a Kaspersky representative noted that “none of the most commonly used vulnerabilities are located in MS Office itself. It would be more accurate to say that the vulnerabilities exist in Office-related components.” For example, the two most dangerous vulnerabilities, CVE-2017-11882 and CVE-2018-0802, are found in the legacy Office Equation Editor that was previously used to create and edit formulas.

“If you look at popular vulnerabilities in 2018, you can see that malware authors prefer easy-to-use logical errors,” the company said in a presentation. “That's why formula editor vulnerabilities CVE-2017-11882 and CVE-2018-0802 are currently the most commonly used in MS Office. Simply put, they are reliable and work in all versions of Word released in the last 17 years. And, most importantly, creating an exploit for any of them does not require advanced skills.”

In addition, even when vulnerabilities do not directly affect Microsoft Office and its components, they are often exploited through Office files, which serve as an intermediate link. For example, CVE-2018-8174 is a bug in the Windows VBScript interpreter that MS Office launches when processing Visual Basic scripts. The situation is similar with CVE-2016-0189 and CVE-2018-8373: both vulnerabilities are in the Internet Explorer scripting engine, which is also used in Office files to process web content.

The vulnerabilities mentioned are in components that have been used in MS Office for many years, and removing these tools would break backwards compatibility with older versions of Office.

In addition, another report, published last month by Recorded Future, also confirms the recent findings of Kaspersky Lab. In a report detailing the most exploited vulnerabilities in 2018, Recorded Future listed six Office vulnerabilities in the top ten.

#1, #3, #5, #6, #7 and #8 are MS Office bugs or vulnerabilities that can be exploited with documents in supported formats.

  1. CVE-2018-8174 - Microsoft (exploitable via Office files)
  2. CVE-2018-4878 - Adobe
  3. CVE-2017-11882 - Microsoft (Office flaw)
  4. CVE-2017-8750 - Microsoft
  5. CVE-2017-0199 - Microsoft (Office flaw)
  6. CVE-2016-0189 - Microsoft (exploitable via Office files)
  7. CVE-2017-8570 - Microsoft (Office flaw)
  8. CVE-2018-8373 - Microsoft (exploitable via Office files)
  9. CVE-2012-0158 - Microsoft
  10. CVE-2015-1805 - Google Android

Kaspersky Lab explains that one of the reasons MS Office vulnerabilities are so often targeted by malware is the whole criminal ecosystem that exists around the Microsoft Office product. Once information about an Office vulnerability becomes public, an exploit using it appears on the Dark Web market within a matter of days.

“The bugs themselves have become much less complex, and sometimes a detailed description is all a cybercriminal needs to create a working exploit,” says a spokesman for Kaspersky. At the same time, as noted by Leigh-Anne Galloway, head of cybersecurity at Positive Technologies: “Time and time again, posting demo code for zero-day vulnerabilities and newly patched security bugs has often helped hackers more than protected end users.”



Source: 3dnews.ru
