Vulnerability In Microsoft Word Went Unnoticed For 17 Years

Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.

Microsoft today released 53 security patches for the month of November as part of its routine Spot Tuesday upgrade. Among the solutions addresses CVE-2017-11882, an imperfection that has actually existed, undetected, in Microsoft Word for the past 17 years.

The solutions introduced today address defects in Windows, internet Explorer, Office, Edge, ASP.NET Core, .NET Core, and also Chakra Core. Twenty of the CVEs are classified Vital, 30 are rated Essential, as well as 3 are Modest. 3 of the bugs today are openly well-known yet none are classified as being under energetic assault, as well as there were no zero-days this month.

Scientists at Embedi, a company focusing on protection for ingrained tools, today launched a record on a 17-year-old remote code implementation susceptibility in Microsoft office, which was covered today. They declare it has actually not been covered and also Microsoft did not known it existed.

CVE-2017-11882 is a Microsoft Office Memory Corruption Susceptibility, Microsoft reports. It exists in Office software program when the software application does not correctly take care of things in memory. If efficiently made use of, it can allow an attacker run arbitrary code in the context of the individual.

If an individual has management privileges, an opponent that made the most of this make use of might take control of a contaminated system as well as set up programs, sight and also modify information, or develop brand-new accounts with complete customer legal rights. Microsoft claims this CVE is a lot more unsafe for management individuals.

CVE-2017-11882 could be made use of with a phishing assault; sufferers require just to open up a destructive documents with an impacted variation of Microsoft Workplace or Microsoft WordPad. In an online assault, an opponent might hold a web site with a harmful data created to manipulate the CVE.

The make use of was produced by Embedi specialists, that report it deals with all Microsoft Workplace variations launched in the past 17 years, consisting of Workplace 365. It services variations of Microsoft Windows, consisting of the Creators Update, as well as it matters for all kinds of style. This defect does not disturb an individual’s job within Microsoft Workplace, Embedi discusses. As soon as the paper is opened, it does not need any kind of more customer communication.

“The only obstacle right here is the safeguarded sight setting since it restricts material implementation (OLE/ActiveX/Macro),” scientists state. Nevertheless, this could be bypassed with social engineering. An assaulter could, for instance, ask an individual to conserve a data to the cloud making use of OneDrive or Google Drive. When opened up, secured sight setting would certainly not be made it possible for.

Embedi scientists reported the susceptability to Microsoft in March 2017 and also the last repair was provided today.

Greg Wiseman, elderly safety and security scientist at Rapid7, mentions CVE-2017-11882 as one of the imperfections which could be particularly hazardous.

“No non-browser susceptabilities are thought about vital this month, however with a bit of social engineering, an enemy can in theory integrate among the Office-based RCE susceptabilities like CVE-2017-11878 or CVE-2017-11882 with a Windows Bit benefit acceleration weak point such as CVE-2017-11847 to acquire complete control over a system,” he states.

Protection Against Microsoft Office Vulnerability

With this month’s Patch release, Microsoft has addressed this vulnerability by changing how the affected software handles objects in memory.

So, users are strongly recommended to apply November security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers.

Since this component has a number of security issues which can be easily exploited, disabling it could be the best way to ensure your system security.

Users can run the following command in the command prompt to disable registering of the component in Windows registry:

reg add “HKLM\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}” /v “Compatibility Flags” /t REG_DWORD /d 0x400

For 32-bit Microsoft Office package in x64 OS, run the following command:

reg add “HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}” /v “Compatibility Flags” /t REG_DWORD /d 0x400

Besides this, users should also enable Protected View (Microsoft Office sandbox) to prevent active content execution (OLE/ActiveX/Macro).

If you liked this post, you might enjoy our newsletter. Receive new articles directly in your inbox:

Yes I agree to receive emails from Defenx Solution

Subscribe our Youtube Channel

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Welcome to Defenx Solution

If you need any info or details please do connect with us through any medium below. We will try to get in touch with you as early as possible.

Contact Form

or reach me via these social channels

Contact Us