Skip to main content

Office is one of the juiciest targets for hackers

(Image credit: Image Credit: Welcomia / Shutterstock)

Hackers are increasingly scrutinising Microsoft Office, looking for – and finding – vulnerabilities to abuse. This is according to a newly released report (opens in new tab) from Kaspersky Lab, which claims that 70 per cent of all threats the company recorded in the fourth quarter of last year – were related to Office in one way or another.

That's a 400 per cent jump compared to just two years before, when Office vulnerabilities took up some 16 per cent of the registered threats market.

What's important to note is that hackers rarely exploit vulnerabilities in Office itself, but rather the related components are what's considered the weakest link.

Two of the most exploited vulnerabilities were found in Office's legacy Equation Editor. Security researchers from Kaspersky Lab believe hackers are looking for “simple, logical bugs”.

"That is why the equation editor vulnerabilities CVE-2017-11882 and CVE-2018-0802 are now the most exploited bugs in MS Office. Simply put, they are reliable and work in every version of Word released in the past 17 years," researchers said. "And, most important, building an exploit for either one requires no advanced skills."

However, in order to exploit these vulnerabilities, one would require an Office file.

Usually, in order for these types of vulnerabilities to work, an unsuspecting victim needs to download and run a malicious payload, and those are usually distributed via email. So be careful when receiving attachments, make sure to doublecheck the address it’s coming from (hackers can imitate legitimate websites quite well nowadays) and make sure you trust the person sending you the attachment.

Image Credit: Welcomia / Shutterstock

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.