Hackers Continue to Exploit an Unpatched Microsoft Office Vulnerability for Years

Written by on 18-03-2021

Despite Microsoft is updating its software since 2017, but cyber breaching is still prevailing even until now, hackers are sighting ways to exploit vulnerabilities by delivering malware. Microsoft Office years-old vulnerabilities that were left unpatched, successfully breached by hackers.

An analysis made by HP researchers, a report stating in Q4 of 2020 was caught by HP Sure Click, discovered an old, unpatched memory corruption vulnerability in Microsoft Office, the exploit is CVE-2017-11882, which was sighted in December 2017. This exploit is used by hackers to send phishing emails to victims, luring them to open a malicious document, then malware starts spreading.

Although there are updates were made for 3 years since 2017, hackers can look for ways to hack into Microsoft Office documents, delivering malware to many, the CVE-2017-11882 has accounted for 87% of exploits from Q4 2020, doubling in just a few months. Email remains a highly used practice by hackers, distributing malware attachments continuously.

HP Researchers also discovered at the last point of Q4 2020, Excel Spreadsheets is used to distribute malware, it was sighted an increase in malicious spam distribution of Dridex malware, Dridex malware originated since 2012, the distribution is tripled the amount detected compare to Q3 2020.