
Outdated Microsoft Office Flaw Still a Hotbed for Cyber Attacks

Old bug, new trick: Hackers are weaponizing a patched 2017 Microsoft Office flaw (CVE-2017-11882) to spread Agent Tesla spyware.


Experts have identified that cybercriminals have perfected the exploitation of a long-fixed Microsoft Office flaw, tracked as CVE-2017-11882, to proliferate the notorious spyware known as ‘Agent Tesla’. This security gap, despite being addressed through patches issued in 2017, remains a potent tool for attackers aiming to infiltrate systems using carefully crafted phishing emails.

Infectious Documents in Disguise

The modus operandi involves deceiving email recipients into opening seemingly benign documents, such as those labeled with business-related terms like “orders” and “invoices”. These misleading labels cloak weaponized Excel documents which, upon being downloaded and opened by unsuspecting users, initiate a clandestine communication with a hostile server. This serves as a conduit for retrieving additional obfuscated malware files without any further input from the user.

The EQNEDT32.EXE component within Office—an equation editor tool—is the vulnerable point, as it mishandles objects in memory, allowing for arbitrary code execution. Despite a patch being available for years, some users have either neglected to apply the updates or are utilizing unsupported versions of Office, which has kept the exploitation viable. Microsoft has previously warned about the flaw:

Advanced Evasion and Exfiltration Techniques

In the subsequent stages of the attack, the VBS script retrieved in the first stage executes highly obfuscated code that sidesteps analysis and downloads a JPG containing a concealed, Base64-encoded DLL file. From there, a PowerShell script extracts and executes the malicious code from the image, ultimately fetching the Agent Tesla payload. Once installed, this spyware is capable of logging keystrokes, capturing screenshots, and harvesting credentials, granting the attackers unfettered access to sensitive corporate information.
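Two defender-side checks for the chain described above, added here as an example and not part of the original article: a hunt over process-creation telemetry for EQNEDT32.EXE spawning a script host, and a scan of an image file for a Base64-encoded PE. It assumes Sysmon-style parent/child records and constructs its own sample events and sample "JPG"; the file paths and the stub PE are constructed, not taken from a real sample.

```python
import base64
import re
# Constructed Sysmon-style process-creation records (parent -> child); not real telemetry.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\System32\svchost.exe",
     "child": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"},
    {"parent": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "child": r"C:\Windows\System32\wscript.exe"},
]
# Script hosts and LOLBins the Equation Editor has no legitimate reason to launch.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "certutil.exe"}
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")  # long Base64 runs in binary data

def flag_equation_editor_children(events):
    # EQNEDT32.EXE only renders equations, so any child process is suspect; a script
    # host or LOLBin child is the CVE-2017-11882 post-exploitation pattern.
    hits = []
    for ev in events:
        parent = ev["parent"].rsplit("\\", 1)[-1].lower()  # image name from the path
        if parent == "eqnedt32.exe":
            child = ev["child"].rsplit("\\", 1)[-1].lower()
            hits.append((child, "high" if child in SCRIPT_HOSTS else "medium"))
    return hits

def find_embedded_pe(data):
    # True if any Base64 run decodes to a PE image: an "MZ" header whose e_lfanew
    # field (offset 0x3C) points at the "PE\0\0" signature.
    for m in B64_RUN.finditer(data):
        run = m.group(0)
        run = run[: len(run) - len(run) % 4]  # keep only whole 4-char quanta
        try:
            blob = base64.b64decode(run, validate=True)
        except ValueError:  # binascii.Error subclasses ValueError
            continue
        if blob[:2] == b"MZ" and len(blob) >= 0x40:
            e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")
            if blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return True
    return False

def build_sample_image(with_payload):
    # Constructed "JPG": JFIF header, a Base64-encoded stub PE (or inert zero bytes), EOI marker.
    stub = bytearray(0x80)
    stub[0:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> PE signature offset
    stub[0x40:0x44] = b"PE\x00\x00"
    body = base64.b64encode(bytes(stub)) if with_payload else b"\x00" * 100
    return b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + body + b"\xff\xd9"
```

The image check only proves a PE is hidden in the file; pair it with the process-lineage hit before treating an alert as confirmed.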

To confront such threats, companies must actively ensure that all their software is up-to-date with the latest security patches and educate employees on the dangers of unsolicited email attachments. Security firms like emphasize the ongoing evolution of malware delivery methods and stress the importance of staying informed on emerging cybersecurity threats to better defend digital infrastructure from such incursions.

Last Updated on November 7, 2024 11:18 pm CET

Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.
