Though the world of hacking is only getting more and more advanced, some exploits have seemingly stuck around unchanged for years. Originally filed back in February 2009, one curious vulnerability has caught the eyes of the US government.
Published in a report this week by the American Cybersecurity and Infrastructure Security Agency (CISA), a 17-year-old exploit in Microsoft Office has been flagged as being actively exploited by threat actors (via The Register). The specifics on how to do this exploit have not been shared, but the record was last updated in 2018, implying some new information was found almost a decade after it was first spotted.
It seemingly allows remote attacks to execute code via a specifically crafted Excel document. In its first outing, this attack was used to install a Trojan dropper on a device, which would then inject further malware. The ability to upload nefarious software remotely is naturally a rather dangerous exploit.
English (US)