Old Vulnerabilities, New Threats: The Persistent Danger of Outdated CVEs in Microsoft Office

The Unyielding Threat of Outdated CVEs

In the ever-evolving world of cybersecurity, it's often the latest 0-day vulnerabilities that grab headlines and command attention. However, a new report reveals that three old and well-known CVEs in Microsoft Word and Excel continue to pose a significant threat in 2023. These vulnerabilities, despite their age, have been responsible for the spread of various malware families, causing chaos and disruption in industries worldwide.

Malware Families Exploiting Known Vulnerabilities

The researchers discovered that more than 13,000 samples exploiting these CVEs remain active, using various formats and tricks to spread malware. The most notorious malware families leveraging these vulnerabilities include Dridex, Guloader, and LokiBot. Newer payloads include samples used by Agent Tesla, Gamaredon APT, and Formbook/Xloader.

Industries Under Attack: Banking, Finance, and Beyond

Attack domains have primarily targeted lucrative industries, such as banking and finance. However, the government and healthcare sectors have also been in the crosshairs. Malicious documents, or maldocs, exploiting these CVEs have been used to deceive users into enabling editing, which allows the malware to execute.

Technical Tricks and Encryption: The Art of Deception

The malicious documents use technical tricks to hide their harmful nature and lure users into opening them. The most common lure is poorly formatted text that prompts the user to enable editing. Malicious Excel documents may also be encrypted using the MS Enhanced RSA and AES crypto-providers.
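For triage, the encryption mentioned above can be read from an encrypted workbook's `EncryptionInfo` stream. The following is an added example, not taken from the report: a parser for the Standard-encryption header layout defined in MS-OFFCRYPTO, run on a constructed sample. The function names are illustrative, and extracting the stream from the OLE container is assumed to be done by another tool.

```python
import struct

# Constants from MS-OFFCRYPTO (Standard encryption EncryptionHeader).
ALG_IDS = {0x660E: "AES-128", 0x660F: "AES-192", 0x6610: "AES-256", 0x6801: "RC4"}
PROV_RSA_AES = 0x18  # provider type of the Enhanced RSA and AES provider


def parse_encryption_info(stream: bytes) -> dict:
    """Parse the fixed fields and CSP name of a Standard EncryptionInfo stream."""
    if len(stream) < 12 + 32:
        raise ValueError("stream too short for a Standard EncryptionInfo header")
    major, minor, _flags, header_size = struct.unpack_from("<HHII", stream, 0)
    # Standard encryption is version x.2 with x in {2, 3, 4}; Agile (4.4) is XML.
    if minor != 2 or major not in (2, 3, 4):
        raise ValueError(f"not Standard encryption (version {major}.{minor})")
    header = stream[12:12 + header_size]
    if header_size < 32 or len(header) != header_size:
        raise ValueError("EncryptionHeaderSize is inconsistent with stream length")
    (_hflags, _size_extra, alg_id, _alg_hash,
     key_bits, prov_type, _r1, _r2) = struct.unpack_from("<8I", header, 0)
    # CSPName is a null-terminated UTF-16LE string filling the rest of the header.
    csp_name = header[32:].decode("utf-16-le", errors="replace").split("\x00")[0]
    return {
        "version": f"{major}.{minor}",
        "algorithm": ALG_IDS.get(alg_id, f"unknown (0x{alg_id:04X})"),
        "key_bits": key_bits,
        "csp_name": csp_name,
        "rsa_aes_provider": prov_type == PROV_RSA_AES,
    }


def build_sample_stream() -> bytes:
    """Constructed sample: header fields only, zero bytes in place of the verifier."""
    csp = "Microsoft Enhanced RSA and AES Cryptographic Provider\x00".encode("utf-16-le")
    header = struct.pack("<8I", 0x24, 0, 0x660E, 0x8004, 128, 0x18, 0, 0) + csp
    return struct.pack("<HHII", 3, 2, 0x24, len(header)) + header + bytes(52)


if __name__ == "__main__":
    for field, value in parse_encryption_info(build_sample_stream()).items():
        print(f"{field}: {value}")
```

An encrypted attachment cannot be inspected by content scanners until it is decrypted, so the presence of this header is itself a useful signal to route the file for closer analysis.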

The escalating threat of these outdated CVEs necessitates immediate action from organizations and individuals alike. Researchers emphasize the importance of detecting and stopping this malware as early as possible to prevent further damage and disruption.

As the global cybersecurity landscape continues to evolve, this report serves as a stark reminder that the threats of yesterday can still wreak havoc today. By remaining vigilant and investing in robust cybersecurity measures, organizations can protect themselves from the persistent danger of outdated CVEs.

By shedding light on these threats and raising awareness, we can collectively work towards a safer and more secure digital world.

Note: This article was written on February 12, 2024.