MS Office represents 73% of most-exploited applications

The Office Suite’s ubiquity and decades-long legacy make it a labyrinth of vulnerabilities.
18 December 2019

Microsoft Word icon. Source: Shutterstock

It may not be the sexiest of software suites, but Microsoft office is the default workhorse of most of the world’s businesses. An end-of-2017 study by SpiceWorks claimed 83 percent of the world’s enterprises use the Office toolkit, while the firm’s cloud-based 365 offering continues to gain steam. 

But, while ‘Word’, ‘Powerpoint’ and ‘Excel’ are now etched in the 21st-century business history books, the ubiquity of Office has also made it one of the largest attacks surfaces.

According to research gathered by PreciseSecurity.com via Statista, the most commonly exploited applications worldwide as of the third quarter of this year were related to MS Office. Data shows that exactly 72.85 of cyber exploits were performed in MS Office products as of the third quarter of this year.

Some of the most common vulnerabilities in MS Office were related to stack overflow errors in the Equation Editor application. Other vulnerabilities included CVE-2017-8570, CVE-2017-8759, and CVE-2017-0199. 

Another important vulnerability was related to a zero-day issue CVE-2019-1367 that produced memory corruption and allowed remote code execution on the target system.

Kaspersky reported this year that Microsoft Office products are today’s top target for attackers, with 70 percent of attacks in Q4 2018 seeking to abuse a Microsoft Office vulnerability. On that report, Kaspersky noted that “None of the topmost exploited vulnerabilities are in MS Office itself. Rather, the vulnerabilities exist in related components.”

Two of the most-exploited vulnerabilities at the time of the research impacted Office’s legacy Equation Editor component (which has now been killed off). That is because they were reliable and have historically worked in every version of Word for more than a decade.  

“Malware authors prefer simple, logical bugs,” the company said, adding that exploiting them requires “no advanced skills”. This was one of many such vulnerabilities that were complex to remove without hampering Office’s backward compatibility.

According to PreciseSecurity.com, Office products led by far as the world’s most-exploited applications, with Browsers following at just 13.5 percent. Android (9 percent), Java (2.4 percent), Adobe Flash (1.6 percent) and PDF (0.7 percent) followed. 

The top five countries that are sources of web-based attacks include the United States with 79.2 percent of the market share, followed by the Netherlands with 15.6 percent, Germany with 2.4 percent, France with 1.9 percent and Russia 1 percent.

Companies, applications, and firms are trying to reduce these exploits— which are costly and can affect large amounts of users— to the minimum. However, hackers and attackers are usually ready to find new bugs and use them to take advantage of vulnerabilities.