Microsoft Office users need to update their software right away, as the office suite has just received important critical security patches to fix four security flaws in Microsoft Word, Excel, PowerPoint, Office Web according to cybersecurity firm Check Point Research.
Security flaws in the Microsoft Office software were previously identified by the cybersecurity firm, which would allow an attacker to take control of a computer, read and access files — and even install ransomware on it, locking its files behind a password until a specified sum of money is paid, usually in cryptocurrency.
According to Check Point Research, the weaknesses were spotted in a tool found in the Microsoft Office software called MSGraph. This package is extremely old and was being used by the office suite since 1995.
“The vulnerabilities are the result of parsing mistakes made in legacy code found in Excel95 File Formats, giving researchers reason to believe that the security flaws have existed for several years,” the company said in a blog post.
Microsoft Office vulnerabilities are not uncommon, considering the large codebase that has expanded to add new features and functionality over the years. The company regularly updates its software with performance improvements and security fixes, such as the recently issued update to fix the security flaws detected by the security firm.
Check Point Research says that it discovered the flaws by “fuzzing” MSGraph which is used to display charts and graphs inside the Microsoft Office suite. The term fuzzing refers to a technique to automatically find coding errors and security loopholes in software by randomly feeding invalid and unexpected data inputs into a program, to discover software bugs that can be exploited.
In order to patch the security flaws, users will need to go through Windows Update. Here are the steps to follow in order to stay protected from the newest Microsoft Office security flaws:
Step 1: Click the Start button and go to Settings, then click on Update and security, then click Windows Update
Step 2: Check for updates manually on the main screen, then go to Advanced options and select the Automatic (recommended) option under Choose how updates are installed.
Step 3: (Optional) Restart your desktop or laptop computer once the updates are installed.
“Even though we found only four vulnerabilities on the attack surface in our research, one can never tell how many more vulnerabilities like these are still laying around waiting to be found. I strongly urge Windows users to update their software immediately, as there are numerous attack vectors possible by an attacker who triggers the vulnerabilities that we found,” said Yaniv Balmas, Head of Cyber Research at Check Point Software. – Hindustan Times/Tribune News Service