• RSS feed RSS feed

This flaw in Microsoft Office exposed passwords and other user data

This flaw in Microsoft Office put users' passwords and other data at risk

The different versions of Microsoft Office include a vulnerability that, once exploited, allows users' personal data such as passwords and other sensitive information to be recovered.

A flaw discovered in November by a third party company

The bug was discovered by the Israel-based company Mimecast. The company specializing in cybersecurity warned Microsoft on November 6. A few days later, Microsoft was able to reproduce the bug and develop a patch, thanks to the information provided by Mimecast.

The Israeli company discovered during a simple search on the origin of a false positive that some Office files with ActiveX controls were causing memory leaks. After further investigation, the company noticed that a file called MSO.dll was abnormally distributing the memory content of its process.

According to Matthew Gardiner of Mimecast, "Memory leakage leads to the permanent writing of memory contents to different Microsoft Office files and makes it possible for sensitive information to leak unintentionally".

Such a breach allows a cybercriminal to compromise the system and access personal data such as passwords, by creating a simple malicious file to be opened by the victim. The attacker must also know the location of the file's memory address to perform his exploit.

A patch is available since the beginning of January

Microsoft confirms that the vulnerability in question, identified as CVE-2019-0560, affects Office 2010, Office 2013, Office 2016, Office 2016 and Office 2019, as well as Office 365 ProPlus. The patches for each of these versions were released in the latest security updates of January 2019 and protect Office users from possible attack.

Source: Mimecast

Articles on the Same Subject

No Comments
Be the First to Leave a Comment

Leave a comment for the article This flaw in Microsoft Office exposed passwords and other user data

Please behave respectfully towards other users

Must-Have Software
  • Firefox Lockbox Android Firefox Lockbox Android 15 downloads

    Firefox Lockbox is an Android application that allows you to recover passwords stored in your Firefox account. You can then use them more easily on...
    See the software

  • MacPass MacPass 25 downloads

    MacPass is a free, open source program based on KeePass. It allows you to manage, create and store your passwords so you don't have to remember them...
    See the software

  • NSA Ghidra NSA Ghidra 126 downloads

    Ghidra is a software reverse engineering tool that allows you to analyze malware to better understand how it works
    See the software