Check Point finds four vulnerabilities in Microsoft Office

Security researchers from vendor Check Point have discovered four vulnerabilities in Microsoft Office through fuzzing. According to Check Point, products in the Office suite are affected, including Excel and Word. The vulnerabilities stem from outdated code and allow attackers to execute malicious commands via crafted Office documents.



The information has been with me for a few days. Researchers at Check Point Research (CPR), the threat intelligence division of Check Point® Software Technologies Ltd., took aim at Microsoft Office. In doing so, the security researchers discovered the vulnerabilities by fuzzing MSGraph, a component that can be embedded in Microsoft Office products to display graphs and charts.

Fuzzing is an automated software testing technique that randomly injects invalid and unexpected data inputs into a program in order to ferret out bugs and security vulnerabilities in its code.

Using this technique, CPR discovered vulnerable features within MSGraph. Similar code reviews confirmed that the vulnerable function is commonly used in various Microsoft Office products, such as Excel, Office Online Server and Excel for OSX. The vulnerabilities are the result of parsing errors in outdated code, leading CPR to believe the vulnerabilities have been around for years.

The dangerous part: The vulnerabilities found can be embedded in most Office documents. Therefore, several attack paths are conceivable. The simplest would be:

  1. The victim downloads a malicious Excel file (XLS format) or Word file (DOCX format) or Outlook email (EML format). The document can be delivered via a download link or email, but the attacker cannot force the victim to download it.
  2. The victim opens the contaminated file.
  3. The vulnerability is triggered.

The entire Office suite can embed Excel objects, for example, and in this case this functionality extends the hackers' attack path. Thus, it becomes possible to execute an attack against almost any Office software.
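As an added example (not from Check Point or the original post), this defender-side triage check lists embedded MSGraph OLE objects in OOXML files such as DOCX or XLSX, so that documents reaching the MSGraph parser can be identified in a mail or file quarantine. The ProgID prefix `MSGraph.` and the helper names are assumptions, and the sample document is constructed inline.

```python
from __future__ import annotations

import io
import re
import zipfile

# Assumption (not stated in the article): embedded MSGraph objects carry an
# OLE ProgID beginning with "MSGraph.", e.g. "MSGraph.Chart.8".
MSGRAPH_PREFIX = "msgraph."
PROGID_RE = re.compile(rb'progid\s*=\s*"([^"]+)"', re.IGNORECASE)
MAX_PART_BYTES = 20 * 1024 * 1024  # skip oversized parts (zip-bomb guard)


def find_msgraph_objects(data: bytes) -> list[tuple[str, str]] | None:
    """Return (part, ProgID) pairs for MSGraph OLE references in an OOXML file.

    Returns None when the input is not a ZIP container (for example a legacy
    binary XLS), meaning "not inspected" rather than "clean".
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return None
    hits = []
    with archive:
        for info in archive.infolist():
            if not info.filename.lower().endswith(".xml"):
                continue
            if info.file_size > MAX_PART_BYTES:
                continue
            for match in PROGID_RE.finditer(archive.read(info)):
                progid = match.group(1).decode("utf-8", "replace")
                if progid.lower().startswith(MSGRAPH_PREFIX):
                    hits.append((info.filename, progid))
    return hits


def build_sample(progid: str) -> bytes:
    """Constructed, minimal DOCX-like ZIP for the demo; not a real document."""
    xml = f'<w:object><o:OLEObject Type="Embed" ProgID="{progid}" r:id="rId5"/></w:object>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", xml)
        zf.writestr("word/embeddings/oleObject1.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for name in ("MSGraph.Chart.8", "Excel.Sheet.12"):
        print(name, "->", find_msgraph_objects(build_sample(name)))
```

A hit only means the document contains an MSGraph object, not that it is malicious; legacy binary formats such as XLS are OLE compound files and need a separate parser.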

CPR has shared its research findings with Microsoft. Microsoft has closed the CVE-2021-31174, CVE-2021-31178 and CVE-2021-31179 vulnerabilities through published updates. The fourth patch for the CVE-2021-31939 vulnerability was released on June 8, 2021. Yaniv Balmas, Head of Cyber Research at Check Point Software and responsible for the discovery, commented:



The vulnerabilities found affect almost the entire Microsoft Office ecosystem. It is possible to launch such an attack against almost any Office software, including Word, Outlook and Excel. We realized that the vulnerabilities are due to parsing errors in legacy code. One of the key findings from our investigation is that legacy code is still a weak link in the security chain, especially for complex software like Microsoft Office. Although we found only four vulnerabilities in our investigation, you can never tell how many more vulnerabilities of this type are still lying around open, waiting to be found. I strongly recommend that Windows users update their software immediately, as there are numerous avenues of attack through which an attacker can exploit the vulnerabilities we found.

Check Point has published more details in this document.

