One of the most popular security vulnerabilities among cyber criminals during the past few months is a software flaw in Microsoft Office that’s over five years old – and it continues to be exploited because, although a security update has long been available, many businesses still haven’t applied it.
According to analysis by cybersecurity researchers at Digital Shadows, the most commonly discussed vulnerability among cyber criminals on underground forums over the last three months is CVE-2017-11882 – a security flaw in Microsoft Office first disclosed in 2017.
When exploited successfully, this vulnerability allows cyber criminals to execute code remotely on a vulnerable Windows system, providing a way for attackers to drop malware secretly onto the machine.
Malware delivered in attacks exploiting CVE-2017-11882 includes Formbook, which secretly provides attackers with remote access capabilities, keystroke logging, and the ability to take screenshots, putting victims at risk of stolen usernames and passwords.
The vulnerability is also associated with the delivery of Redline, malware that steals usernames, passwords, credit card details and the contents of cryptocurrency wallets, along with the contents of chat logs.
Attacks looking to exploit CVE-2017-11882 often begin with phishing emails designed to lure victims into opening malicious documents, which trigger the bug.
Although a security patch for CVE-2017-11882 has been available for several years, the vulnerability is still prevalent enough to be commonly exploited by