Cory Nachreiner, a network security analyst at WatchGuard Technologies, said that the crop of five unpatched Office vulnerabilities is leading to a "malware storm" and asked whether "every day is zero day" for Microsoft Office.
"Microsoft had better get in gear and at least laminate its paper bag so we can weather this malware storm," the analyst said.
Nachreiner's comments come after the disclosure of a fifth new vulnerability in Microsoft Office.
The latest vulnerability affects Excel, and allows attackers to remotely execute code on a compromised system. The four previous vulnerabilities all targeted Microsoft Word.
Attackers have been exploiting the newly-discovered vulnerabilities in recent weeks. The Excel vulnerability has been used by attackers to install working malware applications. Attacks targeting unpatched vulnerabilities in Word also continue to circulate.
Microsoft and third-party security vendors have warned users not to open any unsolicited or otherwise suspicious file attachments.
Nachreiner warned that the consequences could be dire if Microsoft is unable to publish fixes for all of the Office vulnerabilities by next Tuesday's monthly security update.
"With a bunch of zero-day vulnerabilities actively floating around the internet, I hope Microsoft fixes these Office issues soon, preferably this upcoming patch day," said Nachreiner.
"If it does not, many innocent Office users will get blown away by the ongoing malware storm."
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
