Multiple Office 365 security bugs could give hackers the keys to the kingdom

representational image of a cloud firewall
(Image credit: Pixabay)

Cybersecurity researchers have identified four security vulnerabilities in Microsoft Excel and Microsoft Office 365 that can be exploited to execute malicious code.

The vulnerabilities, reported by Check Point, come from the legacy code that stems from Excel95, giving them reason to believe that the vulnerabilities have existed for several years.

Check Point's team adds that the four vulnerabilities can be exploited through malicious Word, Excel, and Outlook documents.

Patches for three of the vulnerabilities tracked as CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 have already been issued by Microsoft. The fourth issue tracked as CVE-2021-31939 should be fixed in the June 2021 Patch Tuesday release. 

Legacy code fail

Yaniv Balmas, Head of Cyber Research at Check Point Software says that their discovery highlights that legacy code is a perennial weak link in the security chain, more so when it comes to complex software like Microsoft Office.

“Even though we found only four vulnerabilities on the attack surface in our research, one can never tell how many more vulnerabilities like these are still laying around waiting to be found,” adds Balmas.

He also shares that the vulnerabilities are in a sense readily exploitable since the researchers found “numerous” attack vectors that threat actors can use to trigger the vulnerabilities.

Since Microsoft has now issued patches for all the vulnerabilities, Check Point urges all Windows users to update the impacted software without delay. 

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Outlook
Dangerous Microsoft Outlook flaw could let hackers send out malware via email
Representational image of a cybercriminal
Microsoft just patched a host of worrying security issues, so update now
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.
US government warns users to patch this critical Microsoft Outlook bug
The best free firewall
Microsoft fixes Power Pages security flaw, tells users to be on their guard
A hacker wearing a hoodie sitting at a computer, his face hidden.
Microsoft patches three worrying security flaws in its latest critical update, so update now
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game