This flaw in Microsoft Office exposed passwords and other user data
The different versions of Microsoft Office include a vulnerability that, once exploited, allows users' personal data such as passwords and other sensitive information to be recovered.
A flaw discovered in November by a third party company
The bug was discovered by the Israel-based company Mimecast. The company specializing in cybersecurity warned Microsoft on November 6. A few days later, Microsoft was able to reproduce the bug and develop a patch, thanks to the information provided by Mimecast.
The Israeli company discovered during a simple search on the origin of a false positive that some Office files with ActiveX controls were causing memory leaks. After further investigation, the company noticed that a file called MSO.dll was abnormally distributing the memory content of its process.
According to Matthew Gardiner of Mimecast, "Memory leakage leads to the permanent writing of memory contents to different Microsoft Office files and makes it possible for sensitive information to leak unintentionally".
Such a breach allows a cybercriminal to compromise the system and access personal data such as passwords, by creating a simple malicious file to be opened by the victim. The attacker must also know the location of the file's memory address to perform his exploit.
A patch is available since the beginning of January
Microsoft confirms that the vulnerability in question, identified as CVE-2019-0560, affects Office 2010, Office 2013, Office 2016, Office 2016 and Office 2019, as well as Office 365 ProPlus. The patches for each of these versions were released in the latest security updates of January 2019 and protect Office users from possible attack.
Author : Nicolas JJE
- Laisser un avis
Articles on the Same Subject
- What are the alternatives to Malwarebytes Anti-Malware? Not long ago, you were told about THE ultimate solution to clean your extremely slow PC. This very popular and rather effective solution is called...
- Be careful, these fake Amazon emails contain malware The end of the year is a good time at all levels, including for cybercriminals. Hackers use the festivities to carry out phishing and malicious spam...
- How to protect your data? Every company needs to be able to protect its data to varying degrees, from the most common to the most sensitive. Depending on the level of security...
- Email scams You are my victim or Password must be changed continue We keep talking about it, but email scams continue to proliferate and still claim victims, perhaps not in numbers but enough to encourage scammers to...