Here are the updates you need to install to make sure your computer is safe.
CVE-2021-31174 • CVE-2021-31178 • CVE-2021-31179 • CVE-2021-31939.
Yaniv Balmas, Head of Cyber Research at Check Point Software, explains the attack: “The vulnerabilities found affect almost the entire Microsoft Office ecosystem. It is possible to run such an attack on almost any Office software including Word, Outlook, and others.
“We learned that the vulnerabilities were caused by parsing errors in the legacy code. One of the key takeaways from our research is that legacy code continues to be a weak link in the security chain, especially in complex software like Microsoft Office.
“Even if our research only found four vulnerabilities on the attack surface, it can never be said how many more vulnerabilities of this type are still waiting to be discovered. Possible attack vectors by an attacker that triggers the vulnerabilities we found.”