At the Kaspersky Lab Security Analyst Summit, the company showed data for the fourth quarter of 2018. Office has increasingly become the go-to attack target with the number of attempts four times higher than they were during Q4 2016. Back then, Microsoft Office vulnerability attacks took just 16 percent of all exploits. Interestingly, Kaspersky Lab says the problem is not with Microsoft’s Office platform per se. “None of the top most exploited vulnerabilities are in MS Office itself. Rather, the vulnerabilities exist in related components.”
Components
To emphasize the point, the company highlighted CVE-2017-11882 and CVE-2018-0802, the two most exploited vulnerabilities. Both of these exploits target the outdated Office Equation Editor component. “A look at the most exploited vulnerabilities of 2018 confirms exactly that: Malware authors prefer simple, logical bugs,” the presentation explained. “That is why the equation editor vulnerabilities CVE-2017-11882 and CVE-2018-0802 are now the most exploited bugs in Microsoft Office. Simply put, they are reliable and work in every version of Word released in the past 17 years,” Kaspersky Lab researchers added. “And, most important, building an exploit for either one requires no advanced skills.” Exploiting Office files is another way the platform can be targeted. The team said Office vulnerabilities are a popular malware target is because a major crime network has been developed around the platform. A whole black market has developed where bugs can quickly be packaged and sold. “Bugs themselves have become much less complex, and sometimes a detailed write-up is all a cybercriminal needs to build a working exploit,” Kaspersky said.
