Archive for the ‘Microsoft office’ Category

LibreOffice and Apache OpenOffice vulnerable to same bug; only one is fixed

February 6th, 2019
A repairman with

Enlarge (credit: Lisa Brewster / Flickr)

LibreOffice, an open source clone of Microsoft Office, has patched a bug that allowed attackers to execute commands of their choosing on vulnerable computers. A similar flaw in Apache OpenOffice remains unfixed.

Austrian researcher Alex Inführ publicly reported the vulnerability on Friday, shortly after it was fixed in LibreOffice. His disclosure included a proof-of-concept exploit that successfully executed commands on computers running what was then a fully patched version of LibreOffice. The only interaction that was required was that the target user hover over an invisible link with a mouse. On Wednesday, researcher John Lambert provided additional PoC samples.

The chief vulnerability exploited is a path traversal that allowed the attack code to move out of its current directory and into one that contained a sample Python script that LibreOffice installed by default. That allowed Inführ to invoke the cmd command on the vulnerable computer. The researcher then exploited a separate weakness that allowed him to pass parameters of his choice to the command.

Read 5 remaining paragraphs | Comments

Posted in apache openoffice, Biz & IT, code execution, exploits, LibreOffice, Microsoft office, vulnerabilities | Comments (0)

Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software

February 5th, 2019
It's 2019, and just opening an innocent looking office document file on your system can still allow hackers to compromise your computer. No, I'm not talking about yet another vulnerability in Microsoft Office, but in two other most popular alternatives—LibreOffice and Apache OpenOffice—free, open source office software used by millions of Windows, MacOS and Linux users. Security researcher

Posted in directory traversal vulnerability, hacking news, LibreOffice, Microsoft office, office document, openoffice, remote code execution, Vulnerability | Comments (0)

Microsoft Office is now available in the Mac App Store

January 26th, 2019
Promotional graphics used for Office 365 in Apple's Mac App Store.

Enlarge / Promotional graphics used for Office 365 in Apple's Mac App Store. (credit: Apple)

The suite of Microsoft Office applications is now available for download directly in Apple's Mac App Store for the first time. Previously, Mac users had to download the applications from Microsoft's website.

The apps included are: Word, Excel, PowerPoint, Outlook, OneNote, and OneDrive. You can download them individually, or as part of a bundle.

Office 365 is subscription based. That means the software package is free to download, but you'll have to pay a subscription fee to get any use out of it. Users have the option of subscribing through their Apple accounts, which plays into Apple's efforts to convince app developers to use subscription models on its platforms to bolster reliable revenue.

Read 4 remaining paragraphs | Comments

Posted in apple, Mac, Mac App Store, Mac apps, microsoft, Microsoft office, Office 365, productivity, Tech | Comments (0)

GandCrab ransomware and Ursnif virus spreading via MS Word macros

January 25th, 2019
Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Though both malware campaigns appear to be a work of two separate cybercriminal groups, we find many similarities in them. Both attacks start from

Posted in Cyber Attack, GandCrab ransomware, macros, malware, Microsoft office, Microsoft Word, ransomware, ransomware malware, Spear Phishing, Ursnif malware | Comments (0)

Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer

October 30th, 2018
Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware onto their computers. Discovered by researchers at Cymulate, the bug abuses the 'Online Video' option in Word documents, a feature that allows users to embedded an online

Posted in hacking news, microsoft, Microsoft office, Microsoft office 2016, Microsoft Office Exploit, Microsoft Office Vulnerability, Microsoft Word, Vulnerability | Comments (0)

Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities

October 9th, 2018
Microsoft has just released its latest monthly Patch Tuesday updates for October 2018, fixing a total of 49 security vulnerabilities in its products. This month's security updates address security vulnerabilities in Microsoft Windows, Edge Browser, Internet Explorer, MS Office, MS Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Exchange Server. Out of 49 flaws

Posted in cybersecurity, microsoft, Microsoft office, Microsoft Patch Update, Microsoft Windows, operating system, Security patch Update, windows Vulnerability | Comments (0)

Beware! This Microsoft PowerPoint Hack Installs Malware Without Requiring Macros

June 7th, 2017

“Disable macros and always be extra careful when you manually enable it while opening Microsoft Office Word documents.”

You might have heard of above-mentioned security warning multiple times on the Internet as hackers usually leverage this decade old macros-based hacking technique to hack computers through specially crafted Microsoft Office files, particularly Word, attached to spam emails.

Posted in banking malware, banking Trojan, hacking news, macro malware, macros, Microsoft office, Microsoft PowerPoint, Microsoft Word | Comments (0)

Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild

April 9th, 2017

It’s 2017, and opening a simple MS Word file could compromise your system.

Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office.

The Microsoft Office zero-day attack, uncovered by researchers from security firms

Posted in hacking news, Microsoft office, Microsoft Word, remote code execution, Windows zero-day vulnerability, zero-day exploit, Zero-Day Vulnerability | Comments (0)

Microsoft Unleashes 13 Bulletins, Six Critical

April 12th, 2016

Microsoft released six critical vulnerabilities in addition to patching the much-hyped Badlock vulnerability.

Posted in Adobe Flash Player, cve, Graphics Component, Microsoft Bulletin, Microsoft office, Microsoft XML Core Services, vulnerabilities, Web Security | Comments (0)

Microsoft issues Security Patches for Windows 10 and Edge Browser

August 12th, 2015

Updated your PCs to Windows 10? Now it’s time to patch your Windows 10 software.

Microsoft has issued its monthly Patch Tuesday by releasing 14 security bulletins, nearly half of it address vulnerabilities in its latest operating system, Windows 10.

Four of them are marked critical, affecting Windows, .Net Framework, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft

Posted in Download Windows 10, Free Windows 10 Download, hacking news, Microsoft Edge browser, Microsoft office, Microsoft Patch Tuesday, Patch management, Security patch Update, Vulnerability | Comments (0)