Just Rs 999: 1-year pack + offers

Journalism of Courage

Microsoft Office patches 4 critical flaws: Here’s why you should update now

Cybersecurity firm Check Point Research has urged Microsoft Office users to update their software immediately to fix four security flaws.

Microsoft, Microsoft Corp, Microsoft Antitrust Battle, Antitrust Battle Microsoft, Google, Microsoft news, Google news,While Congress and US regulators have clashed with Facebook Inc, Alphabet Inc, Amazon.com Inc and Apple Inc over the companies’ business practices, Microsoft hasn’t received the same kind of scrutiny ( Image source : File)

Cybersecurity firm Check Point Research has urged Microsoft Office users to update their software immediately after four security flaws were found that allowed attackers to take control of a computer, rear and access files, and install ransomware. The security flaws were identified as CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 and CVE-2021-31939.

Microsoft has since patched the Office suite that fixes the four security flaws found across Microsoft Word, Excel, PowerPoint and Office Web. The weaknesses were reportedly spotted in a tool found in MS Graph, a Microsoft Office software.

Discovering the vulnerability

Check Point Research discovered the flaws by “fuzzing” MSGraph which is used to display charts and graphs inside the Microsoft Office suite. Fuzzing is an automated software testing technique that is used to find hackable software bugs by randomly feeding invalid and unexpected data inputs into a computer program. This is done to find coding errors and security loopholes.

Update Windows and Microsoft Office to stay safe

To make sure you are no longer affected by the security vulnerabilities, it is essential that you update to the latest version of Windows and Microsoft Office. Users can do this by heading over to the Update & Security page in Windows settings and enabling Automatic updates.

Subscriber Only Stories

“The vulnerabilities found, affect almost the entire Microsoft Office ecosystem. It’s possible to execute such an attack on almost any Office software, including Word, Outlook and others. We learned that the vulnerabilities are due to parsing mistakes made in legacy code,” Yaniv Balmas, Head of Cyber Research at Check Point Software said.

Must Read |6340042

“One of the primary learnings from our research is that legacy code continues to be a weak link in the security chain, especially in complex software like Microsoft Office. Even though we found only four vulnerabilities on the attack surface in our research, one can never tell how many more vulnerabilities like these are still lying around waiting to be found. I strongly urge Windows users to update their software immediately, as there are numerous attack vectors possible by an attacker who triggers the vulnerabilities that we found,” Balmas adds.

First published on: 09-06-2021 at 19:26 IST
Next Story

Pune’s SPPU makes spectacular jump in world university rankings

Next Story