Incident Of The Week: MS Office Has Been Vulnerable For 17 Years



Dan Gunderman
11/17/2017

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a vulnerability patched by Microsoft this week that was reportedly 17 years old.

In Microsoft’s “Patch Tuesday” efforts for November, the company unveiled 53 security patches for a number of its different offerings, including Windows, Internet Explorer, Office, Edge and others. One fix among the batch targeted CVE-2017-11882, which had reportedly gone unseen for 17 years.

Twenty CVEs (common vulnerabilities and exposures) were classified as “Critical,” while 30 were Important and three were Moderate. None of the CVEs led to an active attack, while three of the bugs were publicly known and none were zero-day, according to Dark Reading.

Researchers at the firm Embedi, which focuses on security for embedded devices, released a report on a remote code execution vulnerability, which they say had flown under the radar at Microsoft for 17 years.

See Related: Incident Of The Week: Slip-Up In Mobile App Code Exposes 180M Users

CVE-2017-11882 is a vulnerability in Microsoft Office’s memory function, and can be drawn upon to run code that can control and alter a system. This threat is more active for administrative users, as the program can be hijacked to make installs, edit data and create accounts.

The danger could spread widely and rapidly with one effective phishing campaign. At this point, all it would take is one open of a corrupted file to spread the venom. The malicious activity could extend to the web, as well, where a website could house a file containing the elemental parts of the Microsoft glitch. One download and the bug could spread like wildfire.

Embedi researchers reportedly tested the flaw, saying it worked on all versions of Microsoft Windows dating back nearly two decades. If utilized, the weak spot would not interrupt a user’s work on Office, either, making it a stealthy threat.

One wrinkle in this discussion is “protected view” mode in Office. This is one impenetrable avenue for the prospective hacker. Yet, with some ingenuity, these key punchers could prompt users to save to the cloud (OneDrive, Google Drive). At which point, once reopened there, that protected view would be shattered, according to Embedi.

See Related: Incident Of The Week: 'Silence' Trojan Records Financial Info

News of the age-old CVE was reportedly delivered to Windows in March 2017. It was reportedly resolved in the latest patch round.

This is especially noteworthy to the enterprise professional, who for ages may have relied on Microsoft Office as a stable, fortified application suite.

Yet, there are researchers whose job it is to test for these weaknesses – before attackers capitalize on certain data and spread their plague.

Although this issue boils down to administrative rights and viewing mode within Office, it goes to show that at the heart of any system could be a flaw ready to be harnessed by a growing number of black hats.