Old vulnerabilities lay dormant and unpatched, leaving the gate wide open for attack, as Q2 telemetry from one cybersecurity firm shows
According to the telemetry of one cybersecurity firm, the number of attacks exploiting Microsoft Office vulnerabilities had increased in Q2 2022, accounting for 82% of the total number of exploits for different platforms and software such as Adobe Flash, Android, Java, and so on, in the user base.
Two vulnerabilities—CVE-2018-0802 and CVE-2017-11882 affected almost 487,000 users via older versions of Microsoft Office suite programs, which remain quite popular and are still a highly attractive target for criminals. Exploiting these vulnerabilities, attackers typically distributed malicious documents to damage the memory of the Equation Editor component and then run malicious code.
Next in attack volume was CVE-2017-0199, which witnessed a 59% growth in exploitation to reach more than 60,000 victims. When exploited, this vulnerability enables attackers to control a victims’ devices and view, change, or delete data without their knowledge.
Finally, CVE-2021-40444 had been used to attack around 5,000 people in Q2—696% more than in the previous quarter. First reported in Sep 2021, this vulnerability in the Internet Explorer MSHTML layout engine, when exploited, enables remote code execution on victims’ computers. It was previously exploited during attacks on research and development, financial, medical technology, energy, telecommunications, IT and industrial sectors.
According to Alexander Kolesnikov, malware analyst, Kaspersky, which supplied the telemetry findings: “Through social engineering techniques cybercriminals craft malicious documents and convince their victims to open them, causing the main application to download and executes a malicious script.” Users of old versions of Microsoft Office should keep up to date on security patches, employ security solutions capable of detecting vulnerability exploitation, and spread awareness to all teams about modern cyber threats. Macros from the Internet will be blocked by default (except on Android, Mac or web-based implementations) on a specified timeline.
| Vulnerability | Victims in Q2 2022 | Percentage increase over Q1 2022 |
|---|---|---|
| CVE-2021-40444 | 4,886 | 696% |
| CVE-2017-0199 | 60,132 | 59% |
| CVE-2017-11882 | 140,623 | 5% |
| CVE-2018-0802 | 345,827 | 3% |
Microsoft Office vulnerabilities exploited in Q2 2022 in Kaspersky’s user base
