NEW DELHI: Hackers can exploit an unpatched vulnerability in Internet Explorer to both spy on Windows users and steal their local data, and the flaw affects Microsoft Windows 7, Windows 10 and Windows Server 2012 R2, researcher John Page revealed on Monday.
Email accounts across Microsoft’s Outlook, Hotmail and MSN services were left vulnerable for almost three months (1 January to 28 March) after it emerged that hackers had targeted them. However, according to Microsoft, only a “limited” number of people had their accounts compromised in the breach. In a 15 April article in The Verge, Microsoft also admitted that its Outlook.com security breach was worse than the company initially revealed, even as it made efforts to address the issue.
Indeed! Microsoft's deep penetration in the enterprise makes it a hot target for cybercriminals. In fact, the widely used suite of applications offered by Microsoft under the Office family, which individuals and enterprises use for creating documents such as Excel sheets and PowerPoint presentations, accounted for 70% of cyberattacks detected by Kaspersky’s security products in the fourth quarter of 2018.
According to Kaspersky Labs, after Word, the most targeted platforms were web browsers (14%) and Android (12%).
Speaking at the Security Analysts Summit 2019, researcher Alexander Liskin from Kaspersky Labs pointed out that the attack surface is huge in the case of Office because of complicated file formats, integration with Windows, interoperability (which allows disparate information systems from multiple vendors to work together) and bad decisions made by Microsoft from a security point of view while creating Office.
In 2018, researchers from Kaspersky Labs came across multiple zero-day vulnerabilities in Office and informed Microsoft about them.
Interestingly, none of the most exploited vulnerabilities were found in Office itself; they were detected in related components. For instance, two of the most exploited vulnerabilities, CVE-2017-11882 and CVE-2018-0802, didn’t affect Word directly but targeted the Office Equation Editor process (which allows users to construct math and science equations).
This legacy formula editor is part of the Office package and is mostly used with Word as an object linking and embedding (OLE) tool. Microsoft reportedly issued a binary patch for the vulnerability, but many components are still unpatched.
What makes these flaws easier to exploit than most other forms of cyberattack is the fact that building an exploit for the CVE-2017-11882 and CVE-2018-0802 vulnerabilities doesn’t require advanced skills.
It is one of the reasons why the turnaround time between a vulnerability being reported and an exploit becoming available has shrunk and attacks have gone up. Once a technical report for a vulnerability goes public, an exploit for it appears on the dark market in a matter of days, rues Kaspersky Labs.