• RSS feed RSS feed

This flaw in Microsoft Office exposed passwords and other user data

This flaw in Microsoft Office put users' passwords and other data at risk

The different versions of Microsoft Office include a vulnerability that, once exploited, allows users' personal data such as passwords and other sensitive information to be recovered.

A flaw discovered in November by a third party company

The bug was discovered by the Israel-based company Mimecast. The company specializing in cybersecurity warned Microsoft on November 6. A few days later, Microsoft was able to reproduce the bug and develop a patch, thanks to the information provided by Mimecast.

The Israeli company discovered during a simple search on the origin of a false positive that some Office files with ActiveX controls were causing memory leaks. After further investigation, the company noticed that a file called MSO.dll was abnormally distributing the memory content of its process.

According to Matthew Gardiner of Mimecast, "Memory leakage leads to the permanent writing of memory contents to different Microsoft Office files and makes it possible for sensitive information to leak unintentionally".

Such a breach allows a cybercriminal to compromise the system and access personal data such as passwords, by creating a simple malicious file to be opened by the victim. The attacker must also know the location of the file's memory address to perform his exploit.

A patch is available since the beginning of January

Microsoft confirms that the vulnerability in question, identified as CVE-2019-0560, affects Office 2010, Office 2013, Office 2016, Office 2016 and Office 2019, as well as Office 365 ProPlus. The patches for each of these versions were released in the latest security updates of January 2019 and protect Office users from possible attack.

Source: Mimecast

Articles on the Same Subject

No Comments
Be the First to Leave a Comment

Leave a comment for the article This flaw in Microsoft Office exposed passwords and other user data

Please behave respectfully towards other users

Must-Have Software
  • Cyclonis Password Manager Cyclonis Password Manager 1 download

    Cyclonis Password Manager is a free password manager designed to store your sensitive data. Cyclonis stores your data in a personal storage location...
    See the software

  • Ashampoo Anti-virus Ashampoo Anti-virus 155 downloads

    Ashampoo Anti-virus is an effective security solution that protects against attacks from all kinds of malware. Easy to access, it offers a...
    See the software

  • Panda Antivirus for Mac Panda Antivirus for Mac 43 downloads

    Panda Antivirus for Mac is antivirus software designed to protect the Mac OS X system from all online and offline threats. It scans your files,...
    See the software