Zero-day Office attacks leave experts worried

By

'Is every day zero day at Microsoft?' asks researcher.

Zero-day Office attacks leave experts worried
Security experts have voiced grave concerns for the safety of users in the wake of a string of active exploits for Microsoft Office.

Cory Nachreiner, a network security analyst at WatchGuard Technologies, said that the crop of five unpatched Office vulnerabilities is leading to a "malware storm" and asked whether "every day is zero day" for Microsoft Office. 

"Microsoft had better get in gear and at least laminate its paper bag so we can weather this malware storm," the analyst said.

Nachreiner's comments come after the disclosure of a fifth new vulnerability in Microsoft Office.  

The latest vulnerability affects Excel, and allows attackers to remotely execute code on a compromised system. The four previous vulnerabilities all targeted Microsoft Word.

Attackers have been exploiting the newly-discovered vulnerabilities in recent weeks. The Excel vulnerability has been used by attackers to install working malware applications. Attacks targeting unpatched vulnerabilities in Word also continue to circulate.  

Microsoft and third-party security vendors have warned users not to open any unsolicited or otherwise suspicious file attachments.

Nachreiner warned that the consequences could be dire if Microsoft is unable to publish fixes for all of the Office vulnerabilities by next Tuesday's monthly security update.

"With a bunch of zero-day vulnerabilities actively floating around the internet, I hope Microsoft fixes these Office issues soon, preferably this upcoming patch day," said Nachreiner.

"If it does not, many innocent Office users will get blown away by the ongoing malware storm."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?