Microsoft Office is a top target for malware devs

News
By
published

70 percent of attacks target Office vulnerabilities

Image Credit: Pixabay

New attack and exploitation data from Kaspersky Lab has revealed that Microsoft Office products are now the top target for cybercriminals.

During a presentation at its Security Analyst Summit, the company explained to attendees how 70 percent of the attacks its antivirus products detected in Q4 2018 were trying to exploit vulnerabilities in Microsoft Office.

The platforms targeted by cybercriminals have changed significantly during the last two years as Office used to account for just 16 percent in 2016. Now hackers have moved way from targeting web browsers and Adobe Flash in favor of Microsoft Office.

However, according to Kaspersky, “None of the top most exploited vulnerabilities are in MS Office itself. Rather, the vulnerabilities exist in related components.”

Outdated components

CVE-2017-11882 and CVE-2018-0802 are two of the most exploited vulnerabilities yet they do not exist in Office itself but rather in the software's legacy Equation Editor component.

A researcher at Kaspersky Lab explained why malware authors prefer simple, logical bugs, saying:

"A look at the most exploited vulnerabilities of 2018 confirms exactly that: Malware authors prefer simple, logical bugs. That is why the equation editor vulnerabilities CVE-2017-11882 and CVE-2018-0802 are now the most exploited bugs in MS Office. Simply put, they are reliable and work in every version of Word released in the past 17 years. And, most important, building an exploit for either one requires no advanced skills."

By taking advantage of components that have been used in Office for years, these vulnerabilities are able to affect a wide range of users and not just those on the latest version. Also Microsoft will not likely remove these components any time soon as they would seriously impact Office's backward compatibility.

Via ZDNet

  • Keep your devices and software protected from cybercriminals with the best antivirus
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Wordpress brand logo on computer screen. Man typing on the keyboard.
Thousands of WordPress sites targeted with malicious plugin backdoor attacks
HTTPS in a browser address bar
Malicious "polymorphic" Chrome extensions can mimic other tools to trick victims
ransomware avast
Hackers spotted using unsecured webcam to launch cyberattack
Latest in News
MacBook Air mute key
The new M4 MacBook Air finally fixes an Apple keyboard annoyance that's been around for decades
A collage of Ellie and Joel in The Last of Us season 2
The Last of Us season 2's new trailer teases a huge showdown between Bella Ramsey's Ellie and Pedro Pascal's Joel, but the big moment I'm waiting for is still being held back
Apple iPhone 16 Pro Max REVIEW
New iPhone 17 Air leak may have revealed some key specs – and how it compares to the iPhone 17 Pro Max
Gaming with AI
I asked Gemini to play a text-based adventure game with me and the AI whisked me away to a word-based fantasy
Apple iPhone 16 Review
Three iPhone 17 model dummy units appear in a hands-on video leak
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
New Samsung Galaxy S25 Edge may have revealed some key details – including its price
More about security
Woman shocked by online scam, holding her credit card outside

Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Cryptocurrencies

Ransomware’s favorite Russian crypto exchange seized by law enforcement
70mai 360 Omni 4K Dash Cam

I've reviewed dozens of dash cams, and 70mai's new rotating 4K dash cam is unlike any other
See more latest
Most Popular
International Space Station
Is the moon too far for your data? IBM's Red Hat is teaming up with Axiom Space to send a data center into space
Samsung NAND
Well, that's unexpected: Samsung will team up with its fiercest Chinese rival to produce next gen NAND flash
MacBook Air mute key
The new M4 MacBook Air finally fixes an Apple keyboard annoyance that's been around for decades
Gaming with AI
I asked Gemini to play a text-based adventure game with me and the AI whisked me away to a word-based fantasy
A collage of Ellie and Joel in The Last of Us season 2
The Last of Us season 2's new trailer teases a huge showdown between Bella Ramsey's Ellie and Pedro Pascal's Joel, but the big moment I'm waiting for is still being held back
Molecular hard drive
Chinese researchers are looking to create a revolutionary type of hard drive based on organic materials but huge unknowns remain
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 10 (game #1141)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 10 (game #372)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 10 (game #638)
Apple iPhone 16 Pro Max REVIEW
New iPhone 17 Air leak may have revealed some key specs – and how it compares to the iPhone 17 Pro Max