McAfee detected 3 new zero-day Office errors

McAfee security experts say they have discovered three new, unpatched security flaws in the Microsoft Office office suite.

Information posted on the McAfee Avert Labs Blog yesterday (April 10) information on the above security flaws has been posted on some security forums. Among these are errors that can be exploited to execute malicious code remotely.

The initial investigation results show that in the above security errors there is an error that allows denial of service attacks. This means that Office can be hanged if attacked.

" It's a buffer overflow error. This error can be exploited to remotely execute malicious code on the target system ," said security researcher Karthik Raman. The main form of attack would be to spread an Office file with a code that exploits the error and trick the user into opening it.

McAfee Avert Labs said it is conducting further research on these errors. This is also confirmed by Microsoft representatives in a statement sent yesterday. Microsoft has not recorded any attacks by taking advantage of exploiting these errors.

Information about new zero-day security flaws in Office is revealed on the day Microsoft releases a April update. Not only that, Microsoft is also dealing with the consequences of emergency security updates. Windows ANI patch released last week.

This means that users will have an unprotected month and face the risk of being attacked at any time, "warned Raman.

Hackers now know how to take advantage of information from monthly updates to organizations to attack users. Usually soon after Microsoft releases a monthly update, hackers will release code that exploits bugs targeting attackers who have not yet installed the patch.

However, the errors discovered this time may not be a new security error, said Dave Marcus, director of communications and security research at McAfee - said. " Sometimes what people say is a zero-day error is just a long-standing bug ."

Hoang Dung