CIP Cyber

Log In
Menu
Log In
  • Opinion
  • Product Reviews
  • Industrial Cybersecurity
  • Videos

MS Office’s 17 Year old Vulnerability Letting Hackers to Install Malware

Table of Contents

At the point when the world is as yet managing the risk of ‘unpatched’ Microsoft Office’s worked in DDE include, analysts have revealed a major issue with another Office segment that could enable hackers to remotely introduce malware on focused PCs. 
The bug is a memory-corruption issue that resides in all variants of Microsoft Office launched in the previous 17 years, including Microsoft Office 365, and conflicts with all adaptations of Windows working framework, including the most recent Microsoft Windows 10 Creators Update.
 
Found by the security analysts at Embedi, the powerlessness prompts remote code execution, permitting an unauthenticated, remote attacker to execute malicious code on a focused on framework without requiring client cooperation in the wake of opening a vindictive report. 
The weakness, distinguished as CVE-2017-11882, lives in EQNEDT32.EXE, a MS Office part which is in charge of inclusion and altering of conditions (OLE objects) in records. 
In any case, because of uncalled for memory operations, the part neglects to legitimately deal with objects in the memory, tainting it such that the hacker could execute noxious code with regards to the signed in client. 
Seventeen years prior, EQNEDT32.EXE was presented in Microsoft Office 2000 and had been kept in all variants launched after Microsoft Office 2007 keeping in mind the end goal to guarantee the product stays good with records of more seasoned forms.
Since this component has a number of security issues which can be easily exploited, disabling it could be the best way to ensure your system security.
Users can run the following command in the command prompt to disable registering of the component in Windows registry:
reg add “HKLMSOFTWAREMicrosoftOfficeCommonCOM Compatibility{0002CE02-0000-0000-C000-000000000046}” /v “Compatibility Flags” /t REG_DWORD /d 0x400
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Opinion

Password Cyberattack: Everything You Need to Know

November 7, 2023

Industrial Cybersecurity

Cybersecurity Awareness Month: Spotlight on ICS/OT Security

September 28, 2023

Opinion

How to Protect IoT Devices in Critical Infrastructure Networks

September 15, 2023

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training

Related Articles

What Proxies Are For

When you cannot access certain sites or hide your identity, you need a tool for that. For example, the USA proxies are in demand among

March 24, 2022

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training