Stay updated on Microsoft Office security with the latest insights, threats, and protection strategies in information security.
Search across headline titles and summaries.
Background for this topic.
Microsoft Office is a suite of productivity applications that includes software like Word, Excel, PowerPoint, and Access, among others. In the context of information security, Microsoft Office is significant due to its widespread use in businesses and organizations across the globe, which makes it a popular target for cyber attacks.
Security concerns for Microsoft Office include the potential for exploitation through macros, phishing scams leveraging Office file attachments, and vulnerabilities within Office applications that can be used for data breaches or malware distribution. Microsoft regularly releases security updates to address vulnerabilities and promotes best practices such as using Protected View, enabling security features, and training users to recognize and handle potential threats.
Additionally, secure configuration of Office applications, access controls, and the management of sensitive data within documents are crucial elements. As Microsoft expands its office suite to the cloud with services like Office 365, considerations also extend to online collaboration, data storage security, and identity management.
Weekly headline count for the current query.
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met
The vendor disclosed one actively exploited zero-day vulnerability in Microsoft Office SharePoint that allows attackers to view information and make changes to disclosed information. The post Microsoft drops its second-largest monthly batch of defects on record appeared first on CyberScoop.
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild
Also, Active Exploits Hit SolarWinds, Ivanti as APT28 Targets EU, UkraineThis week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office. Russia's APT28 ramped up attacks in Ukraine, supply chain attacks, regulators probed major breaches and a U.S. judge sentenced the operator of a darkweb drug marketplace.
Also, Active Exploits Hit SolarWinds, Ivanti as APT28 Targets EU, UkraineThis week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office. Russia's APT28 ramped up attacks in Ukraine, supply chain attacks, regulators probed major breaches and a U.S. judge sentenced the operator of a darkweb drug marketplace.
APT28's attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit
Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. [...]
Ukraine’s CERT says the bug went from disclosure to active exploitation in days Russia-linked attackers are already exploiting Microsoft's latest Office zero-day, with Ukraine's national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU.…
Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says
Microsoft urged customers running Microsoft Office 2016 and 2019 to apply the patch to be protected
Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks
Max-severity OneView hole joins a PowerPoint bug that should've been retired years ago CISA has added a pair of security holes to its actively exploited list, warning that attackers are now abusing a maximum-severity bug in HPE's OneView management software and a years-old flaw in Microsoft Office.…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation
MuddyWater Also Embraces Bulletproof Hosts and Custom MalwareThe Iranian nation-state cyberespionage group MuddyWater is going back to the future with attacks featuring Microsoft Office documents with malicious macros. It is also shifting to homegrown malware in place of commercial remote monitoring and management tools, said researchers.
The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it's anything but.
Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency. [...]
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office
In May, Microsoft plans to roll out a new Windows scheduled task that launches automatically to help Microsoft Office apps load faster. [...]