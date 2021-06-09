



Microsoft Office, a widely used productivity suite of applications, lurked a security flaw in the legacy code that allowed hackers to compromise their PCs. Checkpoint Research (CPR), a cybersecurity company, has discovered this bug. They suspect that the vulnerability may have existed for years.

Before throwing away your Excel or Word app, you need to know that the security hole is already closed. CPR disclosed the discovery of a security flaw to Microsoft, and a Redmond-based tech giant issued a fix to patch the vulnerability.

Security flaws found in Microsoft Office legacy code

According to CPR reports, analysis errors are the cause behind security flaws. The failure was discovered in legacy code found in the Excel95 file format, so CPR investigators speculate that the vulnerability has existed for several years.

Microsoft Office (Image Credit: Microsoft)

If an attacker chooses to exploit this vulnerability, it could execute a code target through a malicious Office document such as Word (.DOCX), Excel (.EXE), or Outlook (.EML). There is.

“The vulnerabilities found affect almost the entire Microsoft Office ecosystem. Such attacks can be performed on almost any Office software, including Word and Outlook,” Checkpoint. Yaniv Balmas, Head of Cyber ​​Research for Software, said in a statement.

Balmas added that one of the most important points of CPR’s Microsoft Office research is that legacy code continues to be a weakness in the security chain, especially on complex software platforms like Microsoft Office.

CPR investigators have revealed that they have discovered a vulnerability by “fuzzing” Microsoft Graph (MSGraph), a component of Microsoft Office products that render graphs and charts. According to CPR, fuzzing is an “automated software testing method that seeks to find hackable software bugs.” This tactic randomly populates a computer program with invalid data input to find coding errors and security flaws.

A security vulnerability was discovered in the Excel95 file format, but CPR allows hackers to launch attacks against Word, Outlook, and other apps because the entire Office suite supports Excel objects. I pointed out that there is sex.

Microsoft has issued a fix for a security flaw

Thanks to the CPR report, Microsoft has issued CVE-2021-31174, CVE-2021-31178, CVE-2021-31179, and CVE-2021-31939 to patch the security flaws.

According to Balmas, CPR investigators discovered only four vulnerabilities during the investigation, but who knows what other flaws are lurking in Microsoft Office?

“We strongly recommend that Windows users update their software immediately, as there are many attack vectors that can cause vulnerabilities discovered by attackers,” Balmas said.

To update your PC[スタート]Click the button[設定]>[更新とセキュリティ]>[Windows Update]Go to.[更新を確認]Click.

