An old vulnerability in Microsoft Office is gaining popularity among attackers who target both regular users and companies, Kaspersky has found.
Since the beginning of the year, the exploitation of CVE-2017-11882 has increased by nearly 500%, impacting thousands.
Another old vulnerability, CVE-2018-0802, emerged as cybercriminals’ most prevalent “weapon”, targeting over 130 000 users.
Since older versions of Microsoft programs remain quite popular and are still a highly attractive target for attackers, it is crucial for users to install a trusted security solution and update software regularly.
Throughout the second quarter of 2023, Kaspersky researchers found that more than 11,000 users encountered attacks leveraging an old vulnerability in Microsoft Office software, known as CVE-2017-11882.
This vulnerability allows attackers to exploit the equation editor in Microsoft Office documents, enabling them to execute malicious code on the targeted device. Consequently, malware or unwanted software can be installed without the user’s knowledge.
To exploit the vulnerability, attackers need to either send a malicious file to a potential victim or create a website with the same type of file and then try to trick people into opening it using social engineering techniques.
Although the vulnerability has long been identified and patched, exploits for it surged by 483% in the second quarter compared with the first quarter of this year. This alarming trend indicates that even old vulnerabilities remain an effective method for attacking both consumer devices and organisations’ infrastructures.
“Attackers have indeed started using this exploit again. It is highly likely that they are attempting to implement new obfuscation techniques in order to evade detection,” says Alexander Kolesnikov, malware analyst team lead at Kaspersky. “For example, they could be trying to insert new types of malicious data in Microsoft Office documents. Proven security solutions designed for universal detection will still prevent attacks like these and protect users. However, it is no less important to install software updates and patches on time.”
The established trend persisted during this period as attackers continued to rely on old vulnerabilities in Microsoft software as their primary tools. They most frequently exploited CVE-2018-0802, with more than 130 000 individuals attacked. Exploitation of this vulnerability typically follows the same pattern as the aforementioned CVE-2017-11882, involving memory corruption where an attacker could take control of the system using a specially crafted file.
CVE-2010-2568, CVE-2017-0199, and CVE-2011-0105 also made it onto the list of the most frequently detected exploits in the second quarter. The first one involves code execution via a specially crafted LNK file, while the last two are related to the Microsoft Office suite.