MS Office has security problems

Picture 1 of MS Office has security problems Experts have warned about a deadly weakness in how to handle Macromedia Flash files that can put users at risk of attack.

Flash files embedded in MS Office files can run or execute code that users are unaware of.

This is a security issue related to the third consecutive Microsoft Office software suite discovered in just one week.

If you successfully exploit this security error, the attacker can access sensitive information and execute malicious code on the system that is being corrupted, Symantec confirmed in the warning message sent to the guests. line.

Debasis Mohanty is a researcher who discovered this security error. However, this is a problem related to the ability to download ActiveX controls of Office files rather than a security error arising from the suite's features. ActiveX is a small application to increase the compatibility of web pages.

" The Macromedia Flash file handling method in terms of design and the feature itself does not put users at risk of being attacked ," the Microsoft representative said.

But Microsoft also confirmed that this vulnerability could be exploited by hackers to automatically operate an ActiveX on a user's system via an Office file. Microsoft has not recorded any cases of ActiveX that can help hackers break into PC systems that make mistakes.

" Microsoft will continue to investigate more information about this issue to help provide more necessary instructions for customers ," Microsoft representatives confirmed.

ActiveX-related issues are the third security issue related to Office found within a week. On Tuesday, Microsoft also confirmed that a security error related to a Windows component "hlink.dll" could be exploited by creating a malicious Excel file. Last weekend, another gap in Excel was also exploited to attack users.

To be able to exploit new security errors in Office, an attacker needs to create a dangerous file and store it on the Internet, send it via email or take it to the victim's hand. Only when the user opens the file will the attack be considered successful.

Almost every security error was discovered immediately after Microsoft released a monthly security patch.

Hoang Dung