Microsoft Office lets hackers execute arbitrary code, update now

Zero-day attack
(Image credit: Shutterstock) (Image credit:

Cybersecurity researchers from Cisco Talos recently discovered a high-severity vulnerability in Microsoft Office that would allow potential threat actors to remotely execute malicious code on the target endpoint. 

Announcing the news in a short blog post published earlier this week, the office software developer said its researcher Marcin 'Icewall’ Noga uncovered a class attribute double-free vulnerability affecting Microsoft Excel.

By running a weaponized Excel file, the victim would allow the attacker to execute arbitrary code on their device. The vulnerability is now being tracked as CVE-2022-41106, and other than that, details are scarce. 

What we do know is that Microsoft was notified and has already provided a patch. Excel users are advised to update their software to version 2207 build 15427.20210 and version 2202 build 14931.20660.

Targeting office workers

Microsoft’s productivity suite continues to be one of the most popular attack vectors among cybercriminals. Up until recently, Office documents with malicious macros, distributed via email, were the most popular way to have office workers download and run malware on their computers, opening up the doors to more destructive cyberattacks such as ransomware or identity theft.

More recently, Microsoft decided to prevent the software from running macros at all, in files downloaded from the internet, as opposed to the trusted, local network.

That prompted cybercriminals to move away from macros and into Windows shortcut files (.lnk) which are now widely used to side-load malicious .dlls, and other kinds of malware. 

Regardless of the security measures implemented by software makers and companies, one truth remains - the employees are still the weakest link in the cybersecurity chain. Unless they are educated and trained to stop cyberattacks, crooks will always find a way to trick them into downloading and running malware. 

Besides this, making sure the staff isn’t overworked and distracted can also help improve the cybersecurity posture of any company.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.