Kaspersky: 70 percent of attacks now target Office vulnerabilities
New Kaspersky Lab research shows that threat actors are increasingly trying to take advantage of security flaws in Microsoft Office products. In the last quarter of 2018, attackers went after Office flaws in a whopping 70% of attacks detected by Kaspersky. In Q4 of 2016 this number was still only 16%.
Kaspersky pointed out that “[n]one of the top most exploited vulnerabilities are in MS Office itself.” Instead, the two most exploited flaws (CVE-2017-11882 and CVE-2018-0802) affect Office’s legacy Equation Editor component. This is because “Malware authors prefer simple, logical bugs,” and the Equation Editor vulnerabilities are highly reliable, easy to exploit, and impact all Microsoft Word editions released in the past 17 years.