Russia-based internet cybersecurity firm Kaspersky says that the number of exploits for vulnerabilities in the Microsoft Office suite increased globally compared to Q1 2022. In Q2 2022 these exploits accounted for 82% of the total number of exploits across different platforms.
This is according to the latest Kaspersky quarterly malware report. The firm says that the META (Middle East, Turkey and Africa) region also saw an increase in the attacks via MS Office vulnerabilities.
MS Office vulnerabilities CVE-2021-40444, CVE-2017-0199, CVE-2017-11882 and CVE-2018-0802 were used by criminals most often during the second quarter, being exploited to attack more than 551,000 users in total.
These attempts recorded in the report were countered by Kaspersky’s solutions. The company says that if the attackers had succeeded, they would have gotten control over the computers of victims to view, change, or delete data without their knowledge through remote execution of malicious code.
Vulnerability | Attacked users in Q2 2022 | Dynamics of attacked users, % Q2 2022 vs Q1 2022 |
CVE-2021-40444 | 4,886 | 696% |
CVE-2017-0199 | 60,132 | 59% |
CVE-2017-11882 | 140,623 | 5% |
CVE-2018-0802 | 345,827 | 3% |
The comparative number of users affected by Microsoft Office vulnerabilities in Q2 2022, and associated dynamics.
Microsoft Offices Vulnerabilities Exploited Across Africa
In Kenya, the number of users attacked through these vulnerabilities in the Microsoft Office suite over the last quarter increased by 20%.
Nigeria saw a 9% increase in the number of attacked users. In South Africa, the number of users attacked through these vulnerabilities decreased 3% in Q2 compared to Q1, however, the upward trend in the number of such attacks globally keeps security operations centres on alert.
Kaspersky experts found that exploits for the vulnerability, designated CVE-2021-40444, were used to attack almost 5,000 people globally in Q2 2022, which is eight times more than during Q1 2022.
The CVE-2021-40444 is a vulnerability in MSHTML, Internet Explorer’s engine. Internet Explorer is part of Microsoft operating systems, as some software on Windows relies on its engine for working with online content – for instance, components of Microsoft Office.
“Since CVE-2021-40444 is quite easy to use, we expect an increase in its exploitation globally. Criminals craft malicious documents and convince their victims to open them through social engineering techniques,” comments Alexander Kolesnikov, malware analyst at Kaspersky.
“The Microsoft Office application then downloads and executes a malicious script. To be on the safe side, it is vital to install the vendor’s patch, use security solutions capable of detecting vulnerability exploitation, and to keep employees aware of modern cyberthreats.”
Read more about malware attacks in Q2 2022 on Securelist.com.