-
Microsoft to Separate Teams and Office Globally Amid Antitrust Scrutiny1 April 2024 -
Microsoft to Unbundle Teams From Office Product to Avert EU Antitrust Fine31 August 2023
-
Microsoft Hit With EU Antitrust Complaint From German Rival Over Teams' Inclusion to Office Bundle21 July 2023
-
Microsoft Likely to Face EU Antitrust Investigation in Coming Months4 July 2023
-
Microsoft Said to Have Offered to Charge for Its Office Product to Address EU Antitrust Concerns5 May 2023
Microsoft Office Gets Patched for 4 Vulnerabilities That Could Impact User Security: Check Point Research
Check Point Research said the issues existed in the MSGraph component that is a part of almost all Microsoft Office products.
By Jagmeet Singh | Updated: 8 June 2021 19:19 IST
Photo Credit: Reuters
Microsoft has just patched the last vulnerability
Advertisement
Microsoft has patched as many as four vulnerabilities in its Office suite that includes Word, Excel, PowerPoint, Outlook as well as Office Web, Check Point Research said on Tuesday. These vulnerabilities could allow an attacker to impact users through malicious Office documents. The cybersecurity firm identified the security loopholes using an automated software technique called “fuzzing” and reported them to Microsoft in February. While three of the vulnerabilities were fixed last month, the company was able to patch the last one earlier on Tuesday. Users are recommended to update the Microsoft Office suite on their desktops and laptops.
Check Point Research said that the loopholes existed in the MSGraph component that is a part of Microsoft Office products including Word, Outlook, PowerPoint, and Excel, among others. The code that the researchers examined and found to be impacted by the vulnerabilities existed since at least the Office 2003 release launched in August 2003.
“To our knowledge, this component has not received too much attention from the security community until now, making it a fertile ground for bugs,” the Check Point Research noted in a blog post.
The researchers used the “fuzzing” technique to exploit the vulnerabilities using automated software. By using the technique, it was found that most of the Microsoft Office products were vulnerable to attacks using malicious code. This could be delivered to users through a specially crafted Word document in .docx format, Outlook Email in .eml, or an Excel spreadsheet in the .xls format.
“We learned that the vulnerabilities are due to parsing mistakes made in legacy code,” said Yaniv Balmas, Head of Cyber Research at Check Point Software, in a prepared statement. One of the primary learnings from our research is that legacy code continues to be a weak link in the security chain, especially in complex software like Microsoft Office.”
The researchers noted that there could be multiple attack vectors, and the simplest one would be when a victim downloads a malicious .xls file.
Check Point Research said that it disclosed the four vulnerabilities to Microsoft on February 28. Three of these that are classified as CVE-2021-31174, CVE-2021-31178, and CVE-2021-31179 were patched by the software giant on May 11, whereas the last one that is identified as CVE-2021-31939 was fixed on Tuesday.
The researchers at Check Point Research believe that while Microsoft has fixed the four vulnerabilities, there could be some others that may impact users. It is, therefore, recommended to install the latest Microsoft Office suite. Windows 10 users can specifically install the update by going to Settings > Update & security > Windows Update.
Interested in cryptocurrency? We discuss all things crypto with WazirX CEO Nischal Shetty and WeekendInvesting founder Alok Jain on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Related Stories
Microsoft Office Gets Patched for 4 Vulnerabilities That Could Impact User Security: Check Point Research
Advertisement
Follow Us
Advertisement
Popular on Gadgets
- Galaxy S24 Series
- MWC 2024
- Apple Vision Pro
- Oneplus 12
- iPhone 14
- Apple iPhone 15
- OnePlus Nord CE 3 Lite 5G
- iPhone 13
- Xiaomi 14 Pro
- Oppo Find N3
- Tecno Spark Go (2023)
- Realme V30
- Best Phones Under 25000
- Samsung Galaxy S24 Series
- Cryptocurrency
- iQoo 12
- Samsung Galaxy S24 Ultra
- Giottus
- Samsung Galaxy Z Flip 5
- Apple 'Scary Fast'
- Housefull 5
- GoPro Hero 12 Black Review
- Invincible Season 2
- JioGlass
- HD Ready TV
- Laptop Under 50000
- Smartwatch Under 10000
- Latest Mobile Phones
- Compare Phones
Latest Gadgets
- Vivo V30e
- Itel Super Guru 4G
- Huawei Pura 70 Pro+
- Huawei Pura 70 Ultra
- Tecno Camon 30 Premier 5G
- Motorola Edge 50 Fusion
- Oppo A1i
- Oppo A1s
- Asus ZenBook Duo 2024 (UX8406)
- Dell Inspiron 14 Plus
- Realme Pad 2 Wi-Fi
- Redmi Pad Pro
- Cult Shock X
- Fire-Boltt Oracle
- Samsung Samsung Neo QLED 8K Smart TV QN800D
- Samsung Neo QLED 4K Smart TV (QN90D)
- Sony PlayStation 5 Slim Digital Edition
- Sony PlayStation 5 Slim
- Voltas 1 Ton 5 Star Inverter Split AC (125V Vectra Elite)
- Voltas 1.5 Ton 3 Star, Inverter Split AC (183V Vertis Emerald 4503563)
- About Us
- Sitemaps
- Feedback
- Archives
- Contact Us
- RSS
- Advertise
- Career
- Privacy Policy
- Ethics
- Editorial Policy
- Terms & Conditions
- Complaint Redressal
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
