The Israeli software company Checkpoint described in a post on Wednesday four newly found vulnerabilities in the popular Microsoft Office program used by millions around the world.
According to Checkpoint, the source of the weakness stem from an old Microsoft Office component dating back to Office 95, that is still active in the system to this day, and is called MSGraph. This component is used in the display and construction of graphs that can be embedded in popular program within Office, such as Excel, Word and PowerPoint.
Checkpoint indicated that the vulnerabilities would allow hackers to infiltrate a user's computer and potentially infect it with malware via Office files within the system. In this case, Checkpoint notes, users are vulnerable even if they do not open a file associated with Office.
Following the discovery, Checkpoint updated Microsoft, which then patched the vulnerability in order to prevent future infiltrations by hackers. Checkpoint also noted that Office users who have not yet downloaded the latest Windows update may still be vulnerable to attack.
Yaniv Balmas, Head of Cyber Research at Checkpoint, remarked on the importance of the discovery, saying that "These weaknesses are relevant to all Office products, hence their wide risk potential. In many cases, old components that are still used in popular software can be valid for access. One such weak link is enough to damage the entire product chain. We encourage all users of the popular Windows software to update to the latest Microsoft software updates to ensure that they are as protected as possible from such vulnerabilities."