Microsoft Office and its vulnerabilities
Quote:

Some talks at the SAS 2019 conference are dedicated not to sophisticated APT attacks, but to the daily grind of our antimalware researchers. Our experts Boris Larin, Vlad Stolyarov, and Alexander Liskin prepared research called “Catching multilayered zero-day attacks on MS Office.” The main focus of their research was the instruments that help them in malware analysis, but they also draw attention to the current Microsoft Office threat landscape.

The changes to the threat landscape in just two years are attention-grabbing. Our experts compared a distribution of attacked users by targeted platforms from the end of last year with one from just two years ago. They found that cybercriminals moved away from using Web-based vulnerabilities in favor of MS Office ones — but the extent of the change surprised even them: In the past few months, MS Office, with a more than 70% share of attacks, became the most targeted platform.

Starting last year, a bunch of zero-day exploits for MS Office began to pop up. These usually begin with a targeted campaign but eventually go public and end up integrated into a malicious document builder. The turnaround time has shortened substantially, however. For example, in the case of CVE-2017-11882, the first equation editor vulnerability our expert saw, a huge spam campaign started the same day the proof of concept was published. That’s true of other vulnerabilities as well — once a technical report for a vulnerability goes public, an exploit for it appears on the dark market in a matter of days. Bugs themselves have become much less complex, and sometimes a detailed write-up is all a cybercriminal needs to build a working exploit.

A look at the most exploited vulnerabilities of 2018 confirms exactly that: Malware authors prefer simple, logical bugs. That is why the equation editor vulnerabilities CVE-2017-11882 and CVE-2018-0802 are now the most exploited bugs in MS Office. Simply put, they are reliable and work in every version of Word released in the past 17 years. And, most important, building an exploit for either one requires no advanced skills. That’s because the equation editor binary didn’t have any of the modern protections and mitigations you’d expect from an application in 2018.

An interesting side note: None of the top most exploited vulnerabilities are in MS Office itself. Rather, the vulnerabilities exist in related components.