Hackers can launch arbitrary code on Microsoft Office

Published November 17, 2022
Author: Ash Khan

A newly found Excel vulnerability allows hackers to launch arbitrary code.

Cisco Talos cybersecurity researchers have uncovered a critical vulnerability in Microsoft Office 365 that might allow prospective threat actors to remotely execute malicious code on the target device.

The security company announced the issue, saying its researcher Marcin ‘Icewall’ Noga discovered a class attribute double-free vulnerability affecting Excel, a Microsoft 365 app.

Opening a weaponized Excel file would let the attacker execute arbitrary code on the target’s device. The issue is now tracked as CVE-2022-41106; no other details have been provided.

What is arbitrary code execution?

Arbitrary code execution is a form of hacking that goes beyond malware and virus attacks. One such approach, known as symlink injection, takes advantage of operating systems and file systems that are designed to support shortcuts or symbolic links. Hackers can run a program without needing an executable file, thereby turning an application into malware. This sort of attack is not only harmful on PCs; hackers have also used it to infect VPS cloud servers running web hosting services in order to compromise the security of the hosted website.

How Does Arbitrary Code Execution Work?

Computers cannot distinguish between commands and genuine input. With the appropriate sequence of characters and numbers, any entry can be turned into an attack if the system is designed to accept it. An attacker can introduce a new fault, alter data within a program, install a program to execute later, or load other code.

The attacker’s access level is controlled by the target device or program, but the attacker’s goal is to elevate privileges. In essence, the attacker attempts to take administrative control of the device. If they succeed, the device might become a zombie that attackers can use in future attacks.

Why are office workers being targeted?

The Microsoft Office 365 suite remains one of cybercriminals’ favorite attack vectors. Until recently, the most common way for office workers to download and run malware on their computers was through Office documents containing malicious macros sent over email, opening the door to more damaging attacks such as ransomware or identity theft.

Microsoft recently opted to block macros in files downloaded from the internet, as opposed to files coming from the trusted local network.

As a result, hackers shifted their focus away from macros and onto Windows shortcut files (.lnk), which are now extensively used to side-load malicious DLLs and other types of malware.
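As an added example (not code from the article), the PowerShell triage script below reads the Mark-of-the-Web zone that determines whether the macro block described above applies to a downloaded Office file, and lists the target of any downloaded .lnk file without launching it. The Downloads folder path and the Office extension list are assumptions.

```powershell
# Added example, not from the article. Assumes Windows, PowerShell 5.1+ and NTFS
# (alternate data streams). Triage downloaded files by Mark-of-the-Web zone and
# resolve .lnk targets for review; nothing here executes the files.
param([string]$Folder = "$env:USERPROFILE\Downloads")   # assumed folder

function Get-MotwZone {
    param([string]$Path)
    # Zone.Identifier is an NTFS alternate data stream written by browsers and
    # mail clients. ZoneId 3 = Internet, 4 = Restricted; Office blocks macros
    # in files carrying one of these zones.
    $stream = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }
    $line = $stream | Where-Object { $_ -match '^ZoneId=(\d)' } | Select-Object -First 1
    if ($line -and $line -match '^ZoneId=(\d)') { return [int]$Matches[1] }
    return $null
}

function Resolve-Shortcut {
    param([string]$Path)
    # CreateShortcut only parses the .lnk structure; it does not run the target.
    $shell = New-Object -ComObject WScript.Shell
    $lnk = $shell.CreateShortcut($Path)
    [pscustomobject]@{ Target = $lnk.TargetPath; Arguments = $lnk.Arguments }
}

$officeExt = '.xls', '.xlsx', '.xlsm', '.doc', '.docx', '.docm', '.ppt', '.pptx', '.pptm'

Get-ChildItem -LiteralPath $Folder -File | ForEach-Object {
    $zone = Get-MotwZone $_.FullName
    $ext  = $_.Extension.ToLower()
    $note = ''
    if ($officeExt -contains $ext) {
        if ($zone -ge 3) { $note = 'Internet-sourced Office file: macro block applies' }
        else             { $note = 'No Internet MotW: macro block does NOT apply, verify source' }
    } elseif ($ext -eq '.lnk') {
        $s = Resolve-Shortcut $_.FullName
        $note = "Shortcut -> $($s.Target) $($s.Arguments)"
        if ($zone -ge 3) { $note = "REVIEW downloaded shortcut. $note" }
    }
    [pscustomobject]@{ File = $_.Name; ZoneId = $zone; Note = $note }
} | Where-Object { $_.Note } | Format-Table -AutoSize
```

A file that arrived without the Internet zone (for example, extracted from an archive by a tool that drops the stream) will show no ZoneId, which is exactly the case in which the macro block does not protect the user.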

Regardless of the security precautions put in place by software developers and businesses, one fact remains: workers are still the weakest link in the cybersecurity chain. Crooks will always find a method to mislead individuals into downloading and executing malware unless they are taught and trained to thwart intrusions.

The Effects of the Arbitrary Code Execution Exploit

Exploits that allow arbitrary code execution can be terrible for your website, mobile application, or system. They can harm you in the following ways.

When hackers obtain access to your website, they execute arbitrary code to traverse and examine your files in order to uncover ways to acquire complete control of your website or mobile apps.

Hackers can alter or destroy information, as well as steal and sell critical data on the black market, jeopardizing users’ confidentiality and integrity.

They might use your website’s resources to launch cyber attacks against other websites or to send spam emails.

How Can Arbitrary Code Execution Be Prevented?

Consider all of the ways someone might gain access to and abuse a system, and the preventative measures against each.

Remove any unexpected or unknown users as soon as you see them. It is advised that there be just one administrator and that all other roles have the fewest rights possible. Delete all unidentified FTP hosts.

Schedule vulnerability assessment scanning regularly. It will help you to detect and remediate any security problems early on.

Assume that any software you use may be insecure. Patch your systems and software on a regular and dedicated basis. Do not allow known exploits to compromise your security.

Also, keep your vulnerability assessment tools up to date.

Block the IP addresses gathered from previous assaults. It will aid in the prevention of future attacks from the same malicious source and will stop an attack before it begins.

Make use of secure usernames and passwords. Credentials are a unique and powerful aid in keeping your email secure and website protected.

Aside from that, ensuring that your staff isn’t overworked and distracted will boost any company’s cybersecurity posture.

Stay safe with our vulnerability assessment services.