Microsoft Office security scams are on the rise - here's what you need to know

Despite transitioning to a largely subscription-based model several years ago, Kaspersky acknowledges that older versions of Microsoft office software remain popular, urging users to stay on top of their cybersecurity.

Attackers exploiting old Office vulnerability

The now-patched issue affects Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016. Kaspersky says:

“This vulnerability allows attackers to exploit the equation editor in Microsoft Office documents, enabling them to execute malicious code on the targeted device.”

In essence, an attacker is able to install malware onto a victim’s device without them knowing.

While interest in that vulnerability in particular have spiked in recent months, attackers continue to exploit old vulnerabilities across the board. More than 130,000 attacked users have been tracked in relation to CVE-2018-0802.

CVE-2010-2568, CVE-2017-0199, and CVE-2011-0105 have also proven popular among attackers, each accounting for thousands of attacks.

Kaspersky Malware Analyst Team Lead Alexander Kolesnikov said: “Attackers have indeed started using this exploit again,” stressing the fact that “It is no less important to install software updates and patches on time.”

In fact, that is the company’s first recommendation for those looking to reduce their risk of attack. More generally, users are being advised to check for mistakes and irregularities in URLs and other message content and to use suitable endpoint protection software.

• Give your machine a cybersecurity boost with the best firewalls and the best malware removal