S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]
Latest episode - listen now!
Microsoft Office is a productivity software suite whose documents, add-ins, and vulnerabilities can expose data and compromise enterprise systems.
Search across headline titles and summaries.
Background for this topic.
Microsoft Office is a suite of productivity applications including Word, Excel, PowerPoint, and Access, delivered as desktop software and, in many environments, through Microsoft 365 services. Its files are common in business workflows, so Office security advisories, file-format changes, and configuration guidance can affect a broad range of users and systems.
Office documents can carry malicious macros, embedded objects, templates, or links, and vulnerabilities in an application or document parser may enable code execution when a file is opened or previewed. Useful controls include timely patching, restricting macros to trusted, signed sources, using Protected View, and inspecting attachment and download provenance. Cloud use adds security responsibilities around identity, external sharing, delegated application access, and retention of sensitive documents; monitoring sign-ins and sharing events helps distinguish an exploited endpoint from an account or configuration problem.
Latest episode - listen now!
An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems
Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability (known as 'Follina') to execute malicious code remotely on Windows systems. [...]
Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely. [...]
Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems
Researchers comb through code execution flaw found in malicious document Infosec researchers have idenitied a zero-day code execution vulnerability in Microsoft's ubiquitous Office software.…
Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.
Security researchers have discovered a new Microsoft Office zero-day vulnerability that is currently exploited in phishing attacks to install malware on devices simply by opening a Word document. [...]
Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems