Microsoft Office is huge. As noted by Windows Central, there are more than 1.2 billion users worldwide leveraging some version of Office. While big numbers are good for Microsoft and generally positive for consumers, there’s another group enjoying the benefit: attackers.

Not only are they targeting new deployments of Office 365, but according to SecurityWeek, these cybercriminals are also leveraging old Microsoft vulnerabilities to gain arbitrary code access and wreak havoc. Here’s a look at what’s being called “the bug that just won’t die.”

One Step Forward…

The recent Office issues call to mind a quote from fictional manager Michael Scott of television show “The Office”: “I have flaws, what are they? Oh, I don’t know, I sing in the shower, sometimes I spend too much time volunteering, occasionally I’ll hit someone with my car.” Microsoft’s offering is similar: Many of its flaws — remember the helpful paper clip? — are better categorized as minor annoyances, but occasionally a problem emerges that’s just too big to ignore.

That’s the case with CVE-2012-0158, which, according to Sophos, was the most popular exploit vector in Q4 2015. The year marker tells the tale: This issue was detected and fixed over four years ago, yet almost 40 percent of computers worldwide are still susceptible.

Here’s how it works: Attackers convince users to open files on a malicious website or via an email attachment. Since these files are often .doc or .xml format, it’s no stretch for employees to assume they’re legitimate. Once cybercriminals infect a device, they can execute arbitrary code, effectively turning Office programs into stealthy malware droppers.

The malware is also adaptive. Attackers first used Microsoft Excel worksheet encryption and then RTF embedding to obfuscate their activities and dupe antivirus products. Ultimately, the combination of trusted file formats, vulnerable software versions, high-level program control and antivirus adaptation have conspired to keep this old-timer in the office long after it should have retired.

…And Two Steps Back for Microsoft Vulnerabilities

While old Microsoft vulnerabilities are still causing havoc, the software giant is also dealing with newly discovered flaws in previous Office iterations. As noted by Microsoft TechNet, for example, a new fix for CVE-2016-0025 — which affects Office versions from 2016 back to 2006 — addresses the same type of remote code execution issue as CVE-2012-0158.

Even the company’s new cloud-based offering Office 365 isn’t immune. SC Magazine reported that, on June 22, millions of Office 365 users were sent phishing emails that contained Cerber ransomware. Once infected, users were informed via audio files that they had been infected and had to pay 1.4 bitcoins (around $500) to regain file access.

Despite a rapidly increasing attack surface, things are looking up for Office. New holes are being patched, Microsoft said it blocked the 365 attack within hours of detection, and even CVE-2012-0158 exploits have been forced to shift from spam campaigns to targeted attacks as security teams crack down.

Still, it’s worth noting that just as old versions of Office provide substantial functionality for users long after new iterations are released, that same longevity helps prop up previous attacks.

More from

Are you ready to build your organization’s digital trust?

4 min read - As organizations continue their digital transformation journey, they need to be able to trust that their digital assets are secure. That’s not easy in today’s environment, as the numbers and sophistication of cyberattacks increase and organizations face challenges from remote work and insider behavior. Digital trust can make your organization’s digital transformation stronger. A lack of digital trust can do irreparable harm. However, according to ISACA’s State of Digital Trust 2023 report, too many organizations struggle to define and implement…

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging. We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically. For this reason, 75% of organizations…

How IBM secures the U.S. Open

2 min read - More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI models that transform tennis data into insights and original content. Using IBM watsonx, a next-generation AI and data platform, the team built and managed the entire…

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…