Security News

Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system. The most critical of the flaws are CVE-2021-42321 and CVE-2021-42292, each concerning a post-authentication remote code execution flaw in Microsoft Exchange Server and a security bypass vulnerability impacting Microsoft Excel versions 2013-2021 respectively.

It's a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, and CVE-2021-42292, a Microsoft Excel security feature bypass bug.CVE-2021-42321, the remote code execution vulnerability in Microsoft Exchange Server 2016 and 2019, is due to issues with the validation of command-let arguments.

Microsoft will soon begin disabling Excel 4.0 XLM macros by default in Microsoft 365 tenants to protect customers from malicious documents. Excel 4.0 macros, or XLM macros, were first added to Excel in 1992 and allowed users to enter various commands into cells that are then executed to perform a task.

Due to the coronavirus pandemic, companies around the globe quickly transitioned to remote work to mitigate the spread of COVID-19 in-house. As a result, remote workers are logging on for the virtual workday on their home networks and at times even via their personal devices, leading to new security risks.

Threat researcher explains why it's tricky to tell the difference between legitimate Excel Macros and ones that deliver malware. The problem is that bad actors have started using Excel sheets and macros as a new way to deliver malware.

A defibrillator management platform was riddled with vulnerabilities including a remote command execution flaw that could seemingly be invoked by uploading an Excel spreadsheet to the platform. Or so warned the US's Cybersecurity and Infrastructure Security Agency, which said the Defibrillator Dashboard software, made by medical devices firm Zoll, contained six flaws in total, the combined effect of which could present an infosec Swiss cheese for malicious people to exploit.

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates. Microsoft also released non-security Office updates last week addressing bugs that may lead to PowerPoint crashes and other issues affecting Windows Installer editions of Office 2016, Office 2013, and Office 2010 products.

A ransomware campaign, dubbed Hakbit, is targeting mid-level employees across Austria, Switzerland and Germany with malicious Excel attachments delivered via the popular email provider GMX. The spear-phishing based campaign is low volume and so far targeted the pharmaceutical, legal, financial, business service, retail, and healthcare sectors. In this campaign, when GuLoader runs, it then downloads and executes Hakbit, a known ransomware that encrypts files using AES-256 encryption.

For more than five months, Lastline security researchers have tracked the evolution of malicious Excel 4.0 macros, observing the fast pace at which malware authors change them to stay ahead of security tools. A central part of many organizations' productivity tools, Excel opens the door for phishing attacks where victims are tricked into enabling macros in malicious documents, which can results in the attackers gaining a foothold on the network, in preparation for additional activities.