Microsoft Office vulnerability threatens nearly four million computers

July 17, 2023 | 19:04
(0) user say
Vietnamese cybersecurity firm Bkav issued a stark warning on July 14 by highlighting the alarming risk posed by a critical vulnerability in Microsoft Office, leaving nearly four million computers in Vietnam in potential danger of remote attacks and data breaches.
Microsoft Office vulnerability threatens nearly four million computers

The vulnerability, known as CVE-2023-21716, carries a severity rating of 9.8 out of 10, enabling remote code execution on targeted devices. By exploiting this loophole, hackers can gain the ability to launch widespread virus campaigns, seize control of compromised devices, exfiltrate and encrypt data, as well as distribute and execute additional malicious codes.

Nguyen Tien Dat, director of Bkav's esteemed Malware Research Center, stressed the inherent allure of such vulnerabilities to hackers, given their presence in commonly used document file formats.

Furthermore, users with automatic updates disabled face the intricate challenge of applying the necessary security patches, making securing such vulnerabilities a daunting task for many.

Despite a patch being made available as early as February, Bkav's data reveals that almost four million computers in Vietnam remain susceptible to virus attacks due to the absence of necessary updates.

The update allows users to scan their computers and promptly identify the presence of the CVE-2023-21716 vulnerability. If detected, two options are provided. Users can either use Windows Update via the Settings menu to apply the patch, or manually download the official patch from Microsoft by clicking 'OK' on the scan result notification.

Phishing attacks represent the simplest and most commonly employed method for exploiting this vulnerability. Hackers employ deceitful tactics, luring users into downloading seemingly harmless Word documents that harbour malicious elements.

In fact, users need not even open the Word document itself; merely previewing it could lead to a successful attack.

This vulnerability, despite being flagged by experts some time ago and Microsoft taking prompt action in February to address the issue, continues to pose a significant risk to users and the potential for exploitation remains substantial.

Meanwhile, the Ministry of Information and Communications disclosed that during the initial half of 2023, the Authority of Information Security handled 6,362 network attacks. This figure marks a 4.2 per cent decrease compared to the corresponding period of 2022 when 6,641 incidents were recorded.

Coteccons signs MoU with Microsoft Vietnam Coteccons signs MoU with Microsoft Vietnam

On May 30, Coteccons – one of the top construction companies in Vietnam – signed a three-year MoU with Microsoft Vietnam for the 2023-2025 period to leverage the power of AI and cloud technology to promote innovation in the construction industry.

Firemon, Nessar, and Viettel IDC collaborate to enhance cybersecurity in Vietnam Firemon, Nessar, and Viettel IDC collaborate to enhance cybersecurity in Vietnam

On April 14, Nessar and Viettel IDC jointly announced the signing of a strategic cooperation contract with FireMon, a provider of security policy management solutions, aiming to provide effective options for customers in Vietnam.

Promoting healthcare system's cybersecurity Promoting healthcare system's cybersecurity

Cyberattacks pose a threat to the healthcare industry by leaking patient data and disrupting essential services. Huong Le, country manager of Exclusive Networks Vietnam, spoke with VIR's Thanh Van about how to improve cybersecurity in the healthcare system.

By Nhat Minh

What the stars mean:

★ Poor ★ ★ Promising ★★★ Good ★★★★ Very good ★★★★★ Exceptional