If you use Word, Excel, Outlook or some of the Office applications in Windows 10 you should update urgently
Are you a user of Word, Excel, Outlook or any other Office application in Windows 10? If the answer is yes, you’d better update as soon as possible: vulnerabilities have been detected that compromise your security.
A team of researchers from the security firm Check Point Research has detected four vulnerabilities affecting the Microsoft Office suite. In accordance with The report From these experts, these security holes could be exploited by malicious users to attack your computer, so it is recommended that you update as soon as possible to stay safe.
The researchers found these four vulnerabilities by analyzing MSGraph, a component used to display charts and tables and that can be integrated into many Microsoft Office products, including Word, Excel, Outlook, or PowerPoint. This is a fairly old component, and according to the team, over the years it hasn’t received much attention from the security community, which is why they decided to review it carefully.
This allowed them to detect a total of four vulnerabilities that, as detailed, they are due to parsing errors made with the legacy code. “Legacy code remains a weak link in the security chain, especially in complex software like Microsoft Office”, the researchers write.
Specifically, the team has detected four vulnerabilities, called CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 Y CVE-2021 -31939. Attackers could exploit these security holes to run code on the victim’s computer via a simple malicious Excel file.
Furthermore, since the entire Office suite has the ability to embed Excel objects, this broadens the attack vector, making it possible to run it from any software in the office suite, including Word, Outlook, and other programs.
“Although we investigated a single component of Microsoft Office, we were able to identify several vulnerabilities that affect multiple products in this ecosystem”, the experts explain. “The results of this research were a set of files that could be embedded in different ways to potentially exploit different Office products on multiple platforms.”
Three of the four vulnerabilities (CVE-2021-31174, CVE-2021-31178 and CVE-2021-31179) were already fixed in the Patch Tuesday update of May 2021. The fourth (CVE-2021 -31939) will be patched in the June 2021 update to be released today. If you haven’t done it yet, update as soon as possible to be protected.