Microsoft Office fixes four security vulnerabilities: Here's why users need to update right away | Tech News

Microsoft Office fixes four security vulnerabilities: Here's why users need to update right away

Microsoft Office vulnerabilities were spotted by cybersecurity firm to Check Point Research in a tool found called MSGraph, which has been used by the office suite since 1995.

By: HT TECH
| Updated on: Aug 21 2022, 18:04 IST
FILE PHOTO - A man wearing a mask looks at this phone outside the Microsoft office in Beijing, China on Friday, Aug. 7, 2020 
FILE PHOTO - A man wearing a mask looks at this phone outside the Microsoft office in Beijing, China on Friday, Aug. 7, 2020  (AP)
FILE PHOTO - A man wearing a mask looks at this phone outside the Microsoft office in Beijing, China on Friday, Aug. 7, 2020 
FILE PHOTO - A man wearing a mask looks at this phone outside the Microsoft office in Beijing, China on Friday, Aug. 7, 2020  (AP)

Microsoft Office users need to update their software right away, as the office suite has just received important critical security patches to fix four security flaws in Microsoft Word, Excel, PowerPoint, Office Web according to cybersecurity firm Check Point Research.

Security flaws in the Microsoft Office software were previously identified by the cybersecurity firm, which would allow an attacker to take control of a computer, read and access files — and even install ransomware on it, locking its files behind a password until a specified sum of money is paid, usually in cryptocurrency.

Also read: Microsoft Edge just turned on a new security feature to protect millions of users as they browse the web

According to Check Point Research, the weaknesses were spotted in a tool found in the Microsoft Office software called MSGraph. This package is extremely old and was being used by the office suite since 1995. “The vulnerabilities are the result of parsing mistakes made in legacy code found in Excel95 File Formats, giving researchers reason to believe that the security flaws have existed for several years,” the company said in a blog post.

Microsoft Office vulnerabilities are not uncommon, considering the large codebase that has expanded to add new features and functionality over the years. The company regularly updates its software with performance improvements and security fixes, such as the recently issued update to fix the security flaws detected by the security firm.

Check Point Research says that it discovered the flaws by “fuzzing” MSGraph which is used to display charts and graphs inside the Microsoft Office suite. The term fuzzing refers to a technique to automatically find coding errors and security loopholes in software by randomly feeding invalid and unexpected data inputs into a program, to discover software bugs that can be exploited.

Read more: Microsoft to reveal the ‘next generation of Windows' on June 24

In order to patch the security flaws, users will need to go through Windows Update. Here are the steps to follow in order to stay protected from the newest Microsoft Office security flaws:

Step 1: Click the Start button and go to Settings, then click on Update and security, then click Windows Update

Step 2: Check for updates manually on the main screen, then go to Advanced options and select the Automatic (recommended) option under Choose how updates are installed.

Step 3: (Optional) Restart your desktop or laptop computer once the updates are installed.

“Even though we found only four vulnerabilities on the attack surface in our research, one can never tell how many more vulnerabilities like these are still laying around waiting to be found. I strongly urge Windows users to update their software immediately, as there are numerous attack vectors possible by an attacker who triggers the vulnerabilities that we found,” said Yaniv Balmas, Head of Cyber Research at Check Point Software.

Follow HT Tech for the latest tech news and reviews , also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 09 Jun, 13:22 IST
NEXT ARTICLE BEGINS