Researchers at the company discoveredZscaler“Specialized in the field of providing security software services, there are 117 technical vulnerabilities in the “Microsoft 365” office application package, which may allow unwanted content to be inserted into user files.
The company explained that its researchers found serious security vulnerabilities in the “SketchUp” program for creating 3D digital models and using them within Microsoft office applications.
Last year, Microsoft added the feature of playing SketchUp files, which was developed in 2000, to its office application suite.
‘Disturbing revelation’
By reverse engineering the software component for creating digital models within Office files, security researchers discovered that Microsoft uses a number of programming interfaces for the SketchUp service to run and display the content of the models within its files normally.
The researchers discovered 20 vulnerabilities within these programming interfaces, and later found 97 other vulnerabilities during their deeper research.
Microsoft indicated that the discovered vulnerabilities allow remote control of users’ computers. The American company placed the vulnerabilities in sections under 3 code names, and classified them as “high risk.”
For his part, Kai Lu, chief security researcher at Zscaler, said that “no evidence of exploiting these vulnerabilities on the Internet was observed,” but he pointed out that “exploiting them was not impossible,” according to his statements to the website.Tech Target“.
“A loophole in the solution”
Interestingly, Microsoft’s developer team quickly issued software updates to resolve the security vulnerabilities, but researchers once again revealed the presence of the same vulnerabilities in the company’s applications even after installing security updates.
The researchers took the initiative to inform the American company about their ability to bypass its latest updates, which prompted Microsoft to disable the feature of displaying digital models and running “SketchUp” files within the files of various “Office” services.
The official report from “Zscaler” confirmed that this step will fully protect users’ privacy at the present time, and stand as a firewall against any attempts by hacking groups to exploit these vulnerabilities in a way that violates the data privacy of Microsoft 365 users.
2023-11-08 12:10:56
#security #vulnerabilities #discovered #Microsoft #applications