According to the latest report from Kaspersky, Microsoft Office products are the number one target for hackers. As part of the presentation, Kaspersky said that around 70 percent of the attacks in Q4 2018 were directed towards Microsoft Office products. It is also worth noting that Office products had an unpatched vulnerability that was being targeted by hackers.
Microsoft Office is the top target for attackers
Putting things in perspective, in 2016 the attack rate on Office products was less than one-fourth of what it is now. That being said, the vulnerabilities were not part of the core Microsoft Office component but existed in related components.
CVE-2017-11882 and CVE-2018-0802 were targeted by various malware. However, both these vulnerabilities existed in “Office’s legacy Equation Editor” component. According to the researchers, “A look at the most exploited vulnerabilities of 2018 confirms exactly that: Malware authors prefer simple, logical bugs.”
“That is why the equation editor vulnerabilities CVE-2017-11882 and CVE-2018-0802 are now the most exploited bugs in MS Office. Simply put, they are reliable and work in every version of Word released in the past 17 years.” They further added, “And, most important, building an exploit for either one requires no advanced skills.”
Surprisingly, the vulnerabilities are exploited via Office files. To make things worse, the components these exploits target have been used in Office for many years. On the other hand, if Microsoft excludes these components, then it is quite possible that Office will lose its backward compatibility.
Yet another report from credence reported similar findings and named Microsoft vulnerabilities as the most exploited in 2018. The report further blames security research. It says that an exploit for an Office vulnerability becomes available on the dark web within days and attackers use it before the vulnerability is patched.