MS Office Memory Leak Issue Repaired by Microsoft
Microsoft Office is used by worldwide users and it is easily available from www.office.com/myaccount. Memory Leak Vulnerabilities in Microsoft Office apps have earlier stated in which potential hackers could misuse Microsoft apps like Word, PowerPoint etc. amongst other products. This issue was identified in the entire MS Office suite by researchers and they found a Microsoft Office issue that could leak sensible data to hackers.
This latest Microsoft Office Vulnerability of memory leak could share to private data
Microsoft Office vulnerability was revealed by researchers from the Mime cast Research Labs back in November 6, 2018 and they informed Microsoft team at www.office.com/setup about it. They stated that misusing this vulnerability could enable a hacker to get access to sensible data. Also, the bug could also reveal earlier generated Office files.
The researchers have mentioned the information of their findings by a blog post and to clarify about the vulnerability, they declare, “Microsoft Office product had a memory leak… this memory leak leads to the permanent writing of memory content into different Microsoft Office files and thus, the potential for the unintended leakage of sensitive information and local machine information.”
Supposedly, the memory leak breach hit all of the Microsoft Office Suite applications and leaking private data within the various Office files. Upon reviewing the suspicious files taken from the clients, Mimecast researchers discovered machine processing code in the Office files. Then, additional examinations showed that the vulnerability available in all MS Office files with ActiveX commands.
As per the Mimecast statement, the breach looks suggestive of the already recognized Heartbleed vulnerability found in 2014. The researchers say that they could detect the appearance of this issue in files. It indicates that the defect has already hit thousands of users around the globe.
Memory Leak Vulnerabilities Fixes by Microsoft
An impressively easy safety breach in Microsoft Office has lastly been repaired 2 months after Microsoft stated in their blog at Www.Office.Com/Setup the issue with the statement,
“An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.”
Then Microsoft repaired the difficulty in January 8, 2019 with the package of security bug solutions available at www.office.com/setup. The security vulnerability includes ActiveX controls which are still available in Office 2019, Office 365 and Office 2016. It can be found in the Developer Tab below Legacy Tools.
This latest Microsoft Office Vulnerability of memory leak could share to private data
Microsoft Office vulnerability was revealed by researchers from the Mime cast Research Labs back in November 6, 2018 and they informed Microsoft team at www.office.com/setup about it. They stated that misusing this vulnerability could enable a hacker to get access to sensible data. Also, the bug could also reveal earlier generated Office files.
The researchers have mentioned the information of their findings by a blog post and to clarify about the vulnerability, they declare, “Microsoft Office product had a memory leak… this memory leak leads to the permanent writing of memory content into different Microsoft Office files and thus, the potential for the unintended leakage of sensitive information and local machine information.”
Supposedly, the memory leak breach hit all of the Microsoft Office Suite applications and leaking private data within the various Office files. Upon reviewing the suspicious files taken from the clients, Mimecast researchers discovered machine processing code in the Office files. Then, additional examinations showed that the vulnerability available in all MS Office files with ActiveX commands.
As per the Mimecast statement, the breach looks suggestive of the already recognized Heartbleed vulnerability found in 2014. The researchers say that they could detect the appearance of this issue in files. It indicates that the defect has already hit thousands of users around the globe.
Memory Leak Vulnerabilities Fixes by Microsoft
An impressively easy safety breach in Microsoft Office has lastly been repaired 2 months after Microsoft stated in their blog at Www.Office.Com/Setup the issue with the statement,
“An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.”
Then Microsoft repaired the difficulty in January 8, 2019 with the package of security bug solutions available at www.office.com/setup. The security vulnerability includes ActiveX controls which are still available in Office 2019, Office 365 and Office 2016. It can be found in the Developer Tab below Legacy Tools.
An attacker can transfer a file with ActiveX controls, which can allow others to open the file and allow the ActiveX controls. When the file is saved, a piece of data memory is stored with the file. As Mimecast points that data stored to the file could hold sensitive data that surely should not be in a Word file.
If you’ve implemented the January 2019 bug fixes, especially the CVE-2019-0560 then your files and data are secure now. All MS Office suite versions from Office 2010 to Office 2019 and Office 365 are supported in Windows are impacted by it.
Also, Mimecast verified that no existing expoitations of this breach in wrong really live. While Microsoft has repaired the issue, the researchers worry that the earlier generated Office files exist on the internet still persist exploitable. So, they advise users to delete such documents or restore them with the repaired MS Office versions. For further instructions, you can visit the www.office.com/setup website and contact experts.
