Kayayyakin Microsoft Office sune babban manufa ga masu kutse a yau, bisa ga bayanan da Kaspersky Lab ya tattara. A cikin jawabinsa a taron Manazarta Tsaro, kamfanin ya ce kusan kashi 70% na hare-haren da samfuransa suka gano a cikin Q4 2018 sun yi ƙoƙarin yin amfani da raunin Microsoft Office. Wannan ya fi sau huɗu adadin da Kaspersky ya gani shekaru biyu da suka gabata a cikin kwata na huɗu na 2016, lokacin da raunin Ofishi ya tsaya a matsakaicin 16%.
A lokaci guda, wakilin kamfanin Kaspesky ya lura da wani batu mai ban sha'awa cewa "babu wani lahani da aka fi amfani da shi a cikin MS Office kanta. Zai fi dacewa a faɗi cewa raunin yana cikin abubuwan da ke da alaƙa da ofis. " Misali, mafi haɗari biyu mafi haɗari sune CVE-2017-11882 и CVE-2018-0802, ana samunsu a cikin Editan Equation na Ofishi, wanda a baya aka yi amfani da shi don ƙirƙira da gyara ma'auni.
"Idan ka dubi shahararrun raunin 2018, za ka iya ganin cewa mawallafin malware sun fi son yin amfani da kurakurai masu sauƙi da sauƙi," in ji kamfanin a cikin gabatarwar. "Wannan shine dalilin da ya sa editan dabara ke da rauni CVE-2017-11882 и CVE-2018-0802 A halin yanzu an fi amfani da su a cikin MS Office. A taƙaice, amintattu ne kuma suna aiki a cikin kowane sigar Kalma da aka fitar a cikin shekaru 17 da suka gabata. Kuma, mafi mahimmanci, ƙirƙirar cin zarafi ga ɗayansu baya buƙatar ƙwarewar ci gaba. "
Bugu da kari, ko da lahani ba su shafi Microsoft Office kai tsaye da abubuwan da ke tattare da shi ba, galibi suna amfani da fayilolin samfurin ofis azaman hanyar haɗin gwiwa. Misali, CVE-2018-8174 bug ne a cikin fassarar Windows VBScript wanda MS Office ke ƙaddamarwa lokacin sarrafa rubutun Kayayyakin Kayayyakin Kaya. Irin wannan yanayi tare da CVE-2016-0189 и CVE-2018-8373, Dukkan lahani biyu suna cikin injin rubutun Intanet Explorer, wanda kuma ana amfani dashi a cikin fayilolin Office don sarrafa abubuwan yanar gizo.
Lalacewar da aka ambata suna cikin abubuwan da aka yi amfani da su a cikin MS Office shekaru da yawa, kuma cire waɗannan kayan aikin zai karya daidaituwar baya tare da tsofaffin nau'ikan Office.
Bugu da ƙari, a cikin wani rahoton da kamfanin ya buga a watan da ya gabata , Hakanan ya tabbatar da binciken kwanan nan daga Kaspersky Lab. A cikin wani rahoto da ke ba da cikakken bayani game da raunin da aka fi amfani da shi a cikin 2018, Rikodin Future ya lissafa raunin Ofishi guda shida a cikin manyan matsayi goma.
#1, #3, #5, #6, #7 da #8 su ne MS Office kwari ko raunin da za a iya amfani da su ta hanyar takardu a cikin nau'ikan da aka tallafa.
- - Microsoft (mai amfani ta hanyar fayilolin Office)
- CVE-2018-4878 - Adobe
- - Microsoft (aibi na ofis)
- CVE-2017-8750 - Microsoft
- - Microsoft (aibi na ofis)
- - Microsoft (mai amfani ta hanyar fayilolin Office)
- - Microsoft (aibi na ofis)
- - Microsoft (wanda ake amfani dashi ta fayilolin Office)
- CVE-2012-0158 - Microsoft
- CVE-2015-1805 - Google Android
Kaspersky Lab yayi bayanin cewa daya daga cikin dalilan da yasa malware ke kaiwa ga raunin MS Office shine saboda gaba daya tsarin muggan laifuka da ke kusa da samfurin ofishin Microsoft. Da zarar bayani game da raunin Ofishi ya zama na jama'a, cin zarafi ta amfani da shi yana bayyana akan kasuwa akan gidan yanar gizo mai duhu a cikin 'yan kwanaki.
"Kwayoyin da kansu sun zama marasa rikitarwa sosai, kuma wani lokacin cikakken bayanin shine duk wani mai laifi na intanet yana buƙatar ƙirƙirar amfani," in ji mai magana da yawun Kaspersky. A lokaci guda, kamar yadda Leigh-Ann Galloway, shugaban cibiyar tsaro ta yanar gizo ta lura : "Sau da yawa, buga lambar demo don rashin lahani na kwana-kwana da sabbin kurakuran tsaro sun taimaka wa masu satar bayanai fiye da yadda ya kare masu amfani da ƙarshen."
source: 3dnews.ru