According to the latest report from Menlo Security, being one of the top choices as an attack vector is probably not a contest that any platform wants to win. Regrettably for Microsoft, MS Office will not only continue to be the attackers' vector of choice, but will also be the platform for exploiting vulnerabilities.
After 360 Total Security blogged about the first Advanced Persistent Threat (APT) campaign to carry out its attack with an Office document embedding a newly discovered Internet Explorer 0-day exploit, the Menlo Security researchers wanted to understand why some attackers were using malicious Office documents for endpoint exploitation.
Malicious Microsoft Office documents attached to emails are not new as an attack delivery mechanism, but the report, "Microsoft Office: The New Platform for Exploiting Zero-Days", details the latest examples of the increasing complexity of the methods being used and highlights the need for a more foolproof approach to security.
While the paper was being drafted, the latest zero-day exploit, CVE-2018-5002, was automatically disclosed, though both Flash zero-day vulnerabilities will continue to be exploited in the wild.
The report also states that there is likely to be a rise in attacks through malicious email attachments that use stealthily embedded, remotely hosted malicious mechanisms to leverage application and operating system vulnerabilities, both new and old.
However, the researchers did find some new attack methods. One is the use of embedded, remotely hosted malicious components that exploit application and OS vulnerabilities, placed in Word documents that deliver zero-day exploits.
Microsoft Word is one of the leading cloud office-productivity platforms, and its popularity is likely to grow. It will most probably continue to be the attackers' vector of choice and also the platform most often used to exploit vulnerabilities.
In the latest report, the researchers found that nearly all recent zero-day attacks have been delivered through Microsoft Word. With CVE-2018-8174 and CVE-2018-5002, the attackers leveraged Word as a vector to exploit Adobe Flash Player and Internet Explorer. By using Word as the vector, the attackers were easily able to exploit a web browser even if it is not the default browser, and to exploit Flash even though Flash is blocked by most enterprises.
The report concluded that Microsoft is thus undoubtedly going to become the platform that some attackers leverage most to deliver their zero-day exploits.