Persistent Cybercriminals Exploit Old Vulnerability in Office Software, Eight Years Post Patch

The Equation Editor software, discontinued in 2018, remains a target for keylogger attacks through persistent campaigns that exploit a 2017 vulnerability (CVE-2017-11882).

Malicious actors persist in exploitation: Ongoing assaults focus on Office vulnerability patched 8 years prior

In a concerning development, cybercriminals are targeting a 2017-patched vulnerability (CVE-2017-11882) in the discontinued Microsoft Office Equation Editor software. Despite Microsoft replacing the tool in 2018, attackers are exploiting legacy or unpatched versions of Office that still include the vulnerable Equation Editor component.

The flaw, a remote code execution vulnerability in Microsoft Office's Equation Editor 3.0, was identified by a security consultant at SANS Internet Storm Centre. The consultant, Xavier Mertens, has noted that attackers still use the Equation Editor tool to spread modern malware.

The ongoing attacks are primarily due to many users and organizations continuing to run outdated or unpatched Microsoft Office versions that still contain the vulnerable Equation Editor. The Equation Editor was retained in Office for backward compatibility with older files, meaning that even post-2018 versions might allow the embedded vulnerable code to execute under certain conditions.

Cybercriminals disguise malicious payloads in files, such as Excel add-ins or embedded objects, which trigger the exploit if opened on these vulnerable systems. Microsoft's removal of the Equation Editor and provision of newer replacements does not eliminate the risk for environments that are not fully updated or that keep legacy Office versions in use.
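A triage check for the embedded objects described above, as an added example that is not from Mertens' analysis or from Microsoft: it flags files that reference Equation Editor 3.0 by its ProgID (`Equation.3`) or COM CLSID, including RTF object data stored as hex text broken up by whitespace. The sample inputs are constructed, and a hit only means the file would invoke Equation Editor, not that it is malicious.

```python
import re
import uuid

# Equation Editor 3.0 identifiers: ProgID and COM CLSID (bytes_le is the
# on-disk GUID layout used inside OLE compound files).
PROGID = b"equation.3"
PROGID_UTF16 = "equation.3".encode("utf-16-le")
CLSID_LE = uuid.UUID("0002CE02-0000-0000-C000-000000000046").bytes_le


def _decoded_hex_runs(text: bytes):
    """Decode long hex runs, trying both nibble alignments.

    After whitespace is removed, the trailing 'a' of \\objdata fuses with the
    hex payload, so the true byte boundary may start one character in.
    """
    for run in re.findall(rb"[0-9a-f]{20,}", text):
        for start in (0, 1):
            chunk = run[start:]
            yield bytes.fromhex(chunk[: len(chunk) & ~1].decode())


def equation_editor_indicators(data: bytes) -> list[str]:
    """Return sorted markers showing the file embeds an Equation Editor object."""
    hits = set()

    def scan(blob: bytes, origin: str) -> None:
        low = blob.lower()  # ProgID match is case-insensitive
        if PROGID in low or PROGID_UTF16 in low:
            hits.add(f"{origin}:progid")
        if CLSID_LE in blob:  # binary GUID: match on the untouched bytes
            hits.add(f"{origin}:clsid")

    scan(data, "raw")
    if data.lstrip()[:4].lower() == b"{\\rt":  # RTF stores objects as hex text
        squeezed = re.sub(rb"\s+", b"", data).lower()
        for decoded in _decoded_hex_runs(squeezed):
            scan(decoded, "rtf-hex")
    return sorted(hits)


# Constructed samples (not taken from any real document).
RTF_SPLIT_HEX = (b"{\\rtf1{\\object\\objemb{\\*\\objdata 0105000002000000\n"
                 b"0b000000 4571756174\r\n696F6E2E33 00}}}")
OLE_WITH_CLSID = b"\xd0\xcf\x11\xe0" + b"\x00" * 8 + CLSID_LE + b"\x00" * 4
PLAIN_RTF = b"{\\rtf1 Quarterly report, no embedded objects.}"

if __name__ == "__main__":
    for name in ("RTF_SPLIT_HEX", "OLE_WITH_CLSID", "PLAIN_RTF"):
        print(name, equation_editor_indicators(globals()[name]))
```

Hex that is interrupted by RTF control words rather than whitespace is outside what this check normalizes, so treat an empty result as "no marker found", not as a clean verdict.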

No currently supported Office versions are vulnerable if fully updated; however, outdated or neglected systems remain an attack vector due to the persistence of this legacy software component in their Office installations. The ongoing attacks reflect the difficulty of complete remediation in heterogeneous IT environments and the high value attackers place on exploiting well-known, reliable vulnerabilities still present in the wild.

Microsoft warned about the vulnerability in November 2017, and Mertens' malware analysis was posted to the internet today. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and convincing the user to open the file.

Users are strongly advised to update Office fully or discontinue use of legacy versions to mitigate risks from this long-lived vulnerability. The persistence of this threat underscores the importance of regular software updates and vigilance in the face of cyber threats.

  1. The ongoing cyber threats highlight the significance of data and cloud computing security in AI, as attackers continue to exploit the vulnerability in the discontinued Microsoft Office Equation Editor software that was patched in 2017, even in post-2018 versions under certain conditions.
  2. The recent malware analysis by security consultant Xavier Mertens illustrates the challenge of complete cybersecurity remediation, as modern malware is still being spread through the old Equation Editor, which is vulnerable to CVE-2017-11882, in both legacy and outdated Office versions.
  3. As the Equation Editor remains a persistent threat in environments that have neglected software updates or continue to run legacy Office versions, there is a growing emphasis on staying updated and vigilant to guard against such known security threats.