July 6, 2016 | By Douglas Bonderud

Microsoft Office is huge. As noted by Windows Central, there are more than 1.2 billion users worldwide leveraging some version of Office. While big numbers are good for Microsoft and generally positive for consumers, there’s another group enjoying the benefit: attackers.

Not only are they targeting new deployments of Office 365, but according to SecurityWeek, these cybercriminals are also leveraging old Microsoft vulnerabilities to gain arbitrary code execution and wreak havoc. Here’s a look at what’s being called “the bug that just won’t die.”

One Step Forward…

The recent Office issues call to mind a quote from fictional manager Michael Scott of television show “The Office”: “I have flaws, what are they? Oh, I don’t know, I sing in the shower, sometimes I spend too much time volunteering, occasionally I’ll hit someone with my car.” Microsoft’s offering is similar: Many of its flaws — remember the helpful paper clip? — are better categorized as minor annoyances, but occasionally a problem emerges that’s just too big to ignore.

That’s the case with CVE-2012-0158, which, according to Sophos, was the most popular exploit vector in Q4 2015. The year marker tells the tale: This issue was detected and fixed over four years ago, yet almost 40 percent of computers worldwide are still susceptible.

Here’s how it works: Attackers convince users to open files on a malicious website or via an email attachment. Since these files are often .doc or .xml format, it’s no stretch for employees to assume they’re legitimate. Once cybercriminals infect a device, they can execute arbitrary code, effectively turning Office programs into stealthy malware droppers.

The malware is also adaptive. Attackers first used Microsoft Excel worksheet encryption and then RTF embedding to obfuscate their activities and dupe antivirus products. Ultimately, the combination of trusted file formats, vulnerable software versions, high-level program control and antivirus adaptation has conspired to keep this old-timer in the office long after it should have retired.
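For defenders, the disguise described above (a trusted extension on the outside, RTF with embedded content on the inside) can be checked during attachment triage. The following is an added example, not code from the article or from any vendor it cites: it compares a file's extension with its leading bytes and flags RTF content that embeds objects. The extension table, function names and sample bytes are constructed for illustration, and a finding is a reason to inspect the file, not proof of a CVE-2012-0158 exploit.

```python
import os
import re

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
# RTF control words that introduce an embedded OLE object or ActiveX control.
RTF_OBJECT_WORDS = re.compile(rb"\\(objdata|objocx|objemb|object)\b")

# Container each extension is expected to use (constructed policy table).
EXPECTED = {".doc": "ole2", ".xls": "ole2", ".rtf": "rtf", ".xml": "xml"}

# Constructed sample: RTF content delivered under a .doc name.
SAMPLE_RTF = b"{\\rtf1\\ansi{\\object\\objocx{\\*\\objdata 00000000}}}"


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    head = data.lstrip()[:16]
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    # Matching on "{\rt" tolerates a damaged "\rtf1" header (a choice made here).
    if head.startswith(b"{\\rt"):
        return "rtf"
    if head.startswith(b"<?xml"):
        return "xml"
    return "unknown"


def triage(filename: str, data: bytes) -> list:
    """Return the reasons an attachment deserves a closer look."""
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff(data)
    findings = []
    if ext in EXPECTED and kind != EXPECTED[ext]:
        findings.append(f"extension {ext} but content is {kind}")
    if kind == "rtf":
        words = sorted({m.group(1).decode()
                        for m in RTF_OBJECT_WORDS.finditer(data)})
        if words:
            findings.append("RTF embeds an object: " + ", ".join(words))
    return findings


if __name__ == "__main__":
    for reason in triage("invoice.doc", SAMPLE_RTF):
        print(reason)
```

An encrypted Excel workbook still sniffs as `ole2` here, so the worksheet-encryption variant needs a separate check that this block does not attempt.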

…And Two Steps Back for Microsoft Vulnerabilities

While old Microsoft vulnerabilities are still causing havoc, the software giant is also dealing with newly discovered flaws in previous Office iterations. As noted by Microsoft TechNet, for example, a new fix for CVE-2016-0025 — which affects Office versions from 2016 back to 2006 — addresses the same type of remote code execution issue as CVE-2012-0158.

Even the company’s new cloud-based offering Office 365 isn’t immune. SC Magazine reported that, on June 22, millions of Office 365 users were sent phishing emails that contained Cerber ransomware. Once infected, users were informed via audio files that they had been infected and had to pay 1.4 bitcoins (around $500) to regain file access.

Despite a rapidly increasing attack surface, things are looking up for Office. New holes are being patched, Microsoft said it blocked the 365 attack within hours of detection, and even CVE-2012-0158 exploits have been forced to shift from spam campaigns to targeted attacks as security teams crack down.

Still, it’s worth noting that just as old versions of Office provide substantial functionality for users long after new iterations are released, that same longevity helps prop up previous attacks.
