Kaspersky has identified a number of recent cases of threat actors exploiting a years-old Microsoft Office vulnerability, targeting both individuals and companies alike.
According to the researchers, 11,394 users had encountered attacks leveraging the CVE-2017-11882 vulnerability during the second quarter of 2023, an increase of 483% compared with the three months before during which there were 1,954 cases.
Despite transitioning to a largely subscription-based model several years ago, Kaspersky acknowledges that older versions of Microsoft office software remain popular, urging users to stay on top of their cybersecurity.
Attackers exploiting old Office vulnerability
The now-patched issue affects Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016. Kaspersky says:
“This vulnerability allows attackers to exploit the equation editor in Microsoft Office documents, enabling them to execute malicious code on the targeted device.”
In essence, an attacker is able to install malware onto a victim’s device without them knowing.
While interest in that vulnerability in particular have spiked in recent months, attackers continue to exploit old vulnerabilities across the board. More than 130,000 attacked users have been tracked in relation to CVE-2018-0802.
CVE-2010-2568, CVE-2017-0199, and CVE-2011-0105 have also proven popular among attackers, each accounting for thousands of attacks.
Kaspersky Malware Analyst Team Lead Alexander Kolesnikov said: “Attackers have indeed started using this exploit again,” stressing the fact that “It is no less important to install software updates and patches on time.”
In fact, that is the company’s first recommendation for those looking to reduce their risk of attack. More generally, users are being advised to check for mistakes and irregularities in URLs and other message content and to use suitable endpoint protection software.