Microsoft Office patches 4 critical security flaws

Check Point Research, a cybersecurity company, had advised Microsoft Office customers to update their software as soon as possible following the discovery of four security vulnerabilities that enable attackers to take control of a computer, rearrange and access files, and install ransomware.

 

CVE-2021-31174, CVE-2021-31178, CVE-2021-31179, and CVE-2021-31939 were the security issues identified.

 

Microsoft has since released a patch for the Office suite, which fixes the four vulnerabilities discovered in Word, Excel, PowerPoint, and Office Web.

 

The flaws were reportedly discovered in a utility included in Microsoft’s MS Graph software.

 

 

MSGraph editor embedded in a Microsoft Excel document

 

 

Microsoft patched three of the four problems (CVE-2021-31174, CVE-2021-31178, and CVE-2021-31179) as part of its Patch Tuesday update for May 2021, with the fix for the fourth (CVE-2021-31939) released in June’s update.

 

 

According to the researchers, in a hypothetical attack scenario the vulnerabilities could be exploited simply by a victim opening a malicious Excel (.XLS) file delivered via a download link or an email.

 

The vulnerabilities were uncovered through “fuzzing” MSGraph, a program that displays charts and graphs within the Microsoft Office suite.

 

Fuzzing is an automated software testing approach that involves randomly injecting faulty and unexpected data into a computer program in order to uncover hackable software flaws.

 

This is done to look for coding faults as well as security flaws.

 

It is critical that you update to the latest version of Windows and Microsoft Office to ensure that you are no longer vulnerable to the security flaws.

 

Users can enable automatic updates by going to the Update & Security page in Windows settings and checking the box.

 

The four vulnerabilities are as follows:

  • CVE-2021-31179 – Microsoft Office Remote Code Execution Vulnerability
  • CVE-2021-31174 – Microsoft Excel Information Disclosure Vulnerability
  • CVE-2021-31178 – Microsoft Office Information Disclosure Vulnerability
  • CVE-2021-31939 – Microsoft Excel Remote Code Execution Vulnerability

 

“The vulnerabilities found affect almost the entire Microsoft Office ecosystem. It’s possible to execute such an attack on almost any Office software, including Word, Outlook and others. We learned that the vulnerabilities are due to parsing mistakes made in legacy code,” Yaniv Balmas, Head of Cyber Research at Check Point Software, said.

 

 
