Spam distributors are using a new technique to infect users with malware, and while this attack relies on having users open Word documents, it does not involve users having to allow the execution of macro scripts.
Microsoft announced yesterday that future versions of the standalone Office 2019 app will work on Windows 10 versions exclusively.
The security research team at Rhino Labs, a US-based cyber-security company, has discovered that malicious actors can use a lesser-known Microsoft Word feature called subDoc to trick Windows computers into handing over their NTLM hashes, the standard format in which user account credentials are stored.
Microsoft is considering adding Python as one of the official Excel scripting languages, according to a topic on Excel's feedback hub opened last month.
As part of the December 2017 Patch Tuesday, Microsoft has shipped an Office update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware.
A week after details about a severe Microsoft Office vulnerability came to light, at least one criminal group is now using it to infect users.
Security researchers have discovered a new ransomware strain named qkG that targets only Office documents for encryption and infects the Word default document template to propagate to new Word documents opened through the same Office suite on the same computer.
The way Microsoft patched a recent security bug has made several security and software experts believe the company might have lost the source code to one of its Office components.
Microsoft has patched today a huge security hole in Microsoft Office that could be exploited to run malicious code without user interaction on all Windows versions released in the past 17 years.
Malware authors don't necessarily need to trick users to enable macros to run malicious code. An alternative technique exists, one that takes advantage of another legitimate Office feature.
Security researchers have spotted a new type of low-and-slow brute-force attack — which they nicknamed KnockKnock — aimed at companies with Office 365 accounts.
Over the past few months, an Office vulnerability has become one of the most popular and efficient ways of delivering malware to vulnerable computers.
Today at the company's Inspire business conference, Microsoft announced a new service called "Microsoft 365" that bundles together three of its previous standalone services: Office 365, Windows 10, and Enterprise Mobility + Security.
Security researchers have spotted a booby-trapped PowerPoint file that will download malware to a computer whenever a victim hovers a link, no macro scripts required.
Microsoft's May 2017 Patch Tuesday, released yesterday, included fixes for three zero-days, which according to ESET and FireEye, were used by cyber-espionage groups operating out of Russia.
Today, WikiLeaks continued its "Vault 7" campaign by dumping another set of CIA files, but this time around, the organization also included the tool's source code, something they have not leaked in previous data dumps.
Microsoft announced last week that starting October 13, 2020, customers who purchased a copy of a standalone Office product — such as Office 2010, Office 2013, and Office 2016 — will have their access revoked to Skype for Business and OneDrive for Business accounts.
Today, Microsoft pledged itself to a new release schedule for Windows 10, for which the Redmond company promises to release all major features during two update periods, one in March and one in September, each year.
The saga of CVE-2017-0199, a recently patched zero-day vulnerability affecting Microsoft Office and WordPad, just got a little stranger yesterday after cyber-security firm FireEye revealed the vulnerability was used by both cyber-criminals pushing mundane malware, and also by state-sponsored cyber-espionage groups.