Security News

Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs
2021-11-09 22:24

Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system. The most critical of the flaws are CVE-2021-42321 and CVE-2021-42292, each concerning a post-authentication remote code execution flaw in Microsoft Exchange Server and a security bypass vulnerability impacting Microsoft Excel versions 2013-2021 respectively.

Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292)
2021-11-09 20:01

It's a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, and CVE-2021-42292, a Microsoft Excel security feature bypass bug.CVE-2021-42321, the remote code execution vulnerability in Microsoft Exchange Server 2016 and 2019, is due to issues with the validation of command-let arguments.

Microsoft is disabling Excel 4.0 macros by default to protect users
2021-10-07 22:32

Microsoft will soon begin disabling Excel 4.0 XLM macros by default in Microsoft 365 tenants to protect customers from malicious documents. Excel 4.0 macros, or XLM macros, were first added to Excel in 1992 and allowed users to enter various commands into cells that are then executed to perform a task.

U.S. companies excel at limiting shadow IT, according to a new report
2021-09-21 13:15

Due to the coronavirus pandemic, companies around the globe quickly transitioned to remote work to mitigate the spread of COVID-19 in-house. As a result, remote workers are logging on for the virtual workday on their home networks and at times even via their personal devices, leading to new security risks.

Excel is still a security headache after 30 years because of this one feature
2021-08-13 16:41

Threat researcher explains why it's tricky to tell the difference between legitimate Excel Macros and ones that deliver malware. The problem is that bad actors have started using Excel sheets and macros as a new way to deliver malware.

Zoll Defibrillator Dashboard would execute contents of random Excel files ordinary users could import
2021-06-15 18:16

A defibrillator management platform was riddled with vulnerabilities including a remote command execution flaw that could seemingly be invoked by uploading an Excel spreadsheet to the platform. Or so warned the US's Cybersecurity and Infrastructure Security Agency, which said the Defibrillator Dashboard software, made by medical devices firm Zoll, contained six flaws in total, the combined effect of which could present an infosec Swiss cheese for malicious people to exploit.

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware
2021-04-28 06:43

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.

Microsoft Office February security updates patch Sharepoint, Excel RCE bugs
2021-02-10 14:28

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates. Microsoft also released non-security Office updates last week addressing bugs that may lead to PowerPoint crashes and other issues affecting Windows Installer editions of Office 2016, Office 2013, and Office 2010 products.

Hakbit Ransomware Attack Uses GuLoader, Malicious Microsoft Excel Attachments
2020-06-23 14:39

A ransomware campaign, dubbed Hakbit, is targeting mid-level employees across Austria, Switzerland and Germany with malicious Excel attachments delivered via the popular email provider GMX. The spear-phishing based campaign is low volume and so far targeted the pharmaceutical, legal, financial, business service, retail, and healthcare sectors. In this campaign, when GuLoader runs, it then downloads and executes Hakbit, a known ransomware that encrypts files using AES-256 encryption.

Researchers Dive Into Evolution of Malicious Excel 4.0 Macros
2020-06-04 04:15

For more than five months, Lastline security researchers have tracked the evolution of malicious Excel 4.0 macros, observing the fast pace at which malware authors change them to stay ahead of security tools. A central part of many organizations' productivity tools, Excel opens the door for phishing attacks where victims are tricked into enabling macros in malicious documents, which can results in the attackers gaining a foothold on the network, in preparation for additional activities.