17-Year-Old MS Office Vulnerability Lets Hackers Install Malware

At a time when the world is still dealing with the threat of the 'unpatched' DDE feature built into Microsoft Office, researchers have uncovered a serious issue with another Office component that could allow hackers to remotely install malware on targeted computers.
The bug is a memory-corruption issue that resides in all versions of Microsoft Office released in the past 17 years, including Microsoft Office 365, and works against all versions of the Windows operating system, including the latest Microsoft Windows 10 Creators Update.
 
Discovered by the security researchers at Embedi, the vulnerability leads to remote code execution, allowing an unauthenticated, remote attacker to execute malicious code on a targeted system without requiring user interaction after opening a malicious document.
The vulnerability, identified as CVE-2017-11882, resides in EQNEDT32.EXE, an MS Office component which is responsible for the insertion and editing of equations (OLE objects) in documents.
However, due to improper memory operations, the component fails to properly handle objects in memory, corrupting it in such a way that the attacker could execute malicious code in the context of the logged-in user.
Seventeen years ago, EQNEDT32.EXE was introduced in Microsoft Office 2000 and had been kept in all versions released after Microsoft Office 2007 in order to ensure the software remains compatible with documents of older versions.
Since this component has a number of security issues which can be easily exploited, disabling it could be the best way to ensure your system security.
Users can run the following command in the command prompt to disable registration of the component in the Windows registry:
reg add "HKLM\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}" /v "Compatibility Flags" /t REG_DWORD /d 0x400
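
To confirm the setting took effect, the following PowerShell check reads the flag back and reports whether the 0x400 bit is present. It is an added example, not part of the original article; the function name Test-EquationEditorKillBit is hypothetical, and the second registry path (the Wow6432Node view used by 32-bit Office on 64-bit Windows) is an addition that the article's command does not set.

```powershell
# Added example: audit the COM compatibility flag written by the reg command above.
$Clsid   = '{0002CE02-0000-0000-C000-000000000046}'   # CLSID taken from the article's command
$KillBit = 0x400                                      # value taken from the article's command
$Name    = 'Compatibility Flags'

# The native view is the key the article sets.
$Paths = @("HKLM:\SOFTWARE\Microsoft\Office\Common\COM Compatibility\$Clsid")

# Addition not in the article: 32-bit Office on 64-bit Windows reads the
# Wow6432Node view, so audit that key as well when the OS is 64-bit.
if ([Environment]::Is64BitOperatingSystem) {
    $Paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office\Common\COM Compatibility\$Clsid"
}

function Test-EquationEditorKillBit {
    param([string[]]$Path = $Paths)
    foreach ($p in $Path) {
        $value = $null
        # -LiteralPath keeps the braces in the CLSID from being treated as wildcards.
        if (Test-Path -LiteralPath $p) {
            $value = (Get-ItemProperty -LiteralPath $p -Name $Name -ErrorAction SilentlyContinue).$Name
        }
        [pscustomobject]@{
            Key      = $p
            Flags    = if ($null -ne $value) { '0x{0:X}' -f $value } else { '(not set)' }
            # Disabled only when the value exists and carries the 0x400 bit.
            Disabled = ($null -ne $value) -and (($value -band $KillBit) -eq $KillBit)
        }
    }
}

$results = Test-EquationEditorKillBit
$results | Format-Table -AutoSize

if ($results.Disabled -contains $false) {
    Write-Warning 'The 0x400 flag is missing in at least one registry view.'
}
```

Run it from an elevated or standard PowerShell session on the host being checked; reading these keys does not require administrator rights, while setting them does.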
Ehacking Staff