In Q2 2022, the number of attacks exploiting vulnerabilities in the Microsoft Office suite increased – now accounting for 82% of the total number of exploits for different platforms and software, such as Adobe Flash, Android, Java etc.
Kaspersky experts found that exploits for the vulnerability, designated CVE-2021-40444, were used to attack almost 5,000 people in Q2 2022, which is eight times more than during Q1 2022. This zero-day vulnerability in Internet Explorer’s engine MSHTML was first reported in September 2021. The engine is a system component used by Microsoft Office applications to handle web content. When exploited, it enables the remote execution of malicious code on victims’ computers.
|Attacked users in Q2 2022
of attacked users, %
Q2 2022 vs Q1 2022
The comparative number of users affected by Microsoft Office vulnerabilities in Q2 2022, and associated dynamics
According to Kaspersky’s telemetry data, CVE-2021-40444 was previously exploited during attacks on organizations in the research and development, energy and industrial sectors, financial and medical technology, as well as telecommunications and IT.
“Since the vulnerability is quite easy to use, we expect an increase in its exploitation. Criminals craft malicious documents and convince their victims to open them through social engineering techniques. The Microsoft Office application then downloads and executes a malicious script. To be on the safe side, it is vital to install the vendor’s patch, use security solutions capable of detecting vulnerability exploitation, and to keep employees aware of modern cyberthreats,” comments Alexander Kolesnikov, malware analyst at Kaspersky.
Older versions of Microsoft Office suite are an invitation for attackers
CVE-2018-0802 and CVE-2017-11882 became leaders in terms of the total number of victims in Q2 2022, seeing a slight rise on Q1. They were used to attack almost 487,000 users via older versions of Microsoft Office suite programs, which remain quite popular and still a highly attractive target for criminals. Exploiting these vulnerabilities, attackers typically distributed malicious documents to damage the memory of the Equation Editor component and ran malicious code on the victim's computer.
The number of users affected by CVE-2017-0199 grew by 59% to more than 60,000. If exploited successfully, this vulnerability enables attackers to control a victim’s computer and view, change, or delete data without their knowledge.
Read more about malware attacks in Q2 2022 on Securelist.com.
In order to prevent attacks via Microsoft Office vulnerabilities, Kaspersky researchers recommend implementing the following measures:
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.