Pakistan Christian TV

Breaking news and world news from Pakisthan Christian TV on Business, Sports, Culture. Video news. News from the US, Europe, Asia Pacific, Africa, Middle East, America.

How does the virus get to the computer?  Just open the specially edited Excel document

How does the virus get to the computer? Just open the specially edited Excel document

Bugs affecting Microsoft Exchange Server (CVE-2021-42321) and Microsoft Excel (CVE-2021-42292) were reported this week by the US software giant when it released fixes for both vulnerabilities.

Unfortunately, this does not mean that attackers’ hands are tied if they want to exploit these cracks. This is because it has been emphasized many times in the past that many users and administrators do not worry too much about installing new updates, even a few months after they are published.

“Mail servers are an attractive target for attackers not only for the information contained in email boxes, but also an attractive tool for the further spread of malware or infiltration into an enterprise network. Thus, these vulnerabilities pose a significant risk, especially in their combination, when a user account is compromised By phishing, which contains a defective Excel document, and subsequently misusing that account to put the entire server at risk, security experts have warned of NÚKIB.

The Microsoft Excel vulnerability affects both Windows and macOS systems. However, so far the patch has only been released for the first mentioned OS, and for the Apple platform, it should be available in a few days.

The attack begins by sending a specially modified Excel document as an attachment to an unsolicited email message. If the user opens it, the malicious code will be released directly into their computer due to the vulnerability.

The patch must be installed by the administrator

“The Exchange Server vulnerability allows remote code to run on the server if an attacker can access it under any account. Evidence of the vulnerability has already been released, according to Microsoft, the vulnerability is currently actively exploited and an increase in cases can be expected. After ProxyLogon and ProxyShell, this is the third critical vulnerability in Exchange Server this year, enabling remote settlement,” NÚKIB employees warned.

See also  A large part of the European Union supports closer cooperation with Israel - EURACTIV.cz

They recommended that users not delay installing updates. Otherwise, they are exposed to high security risks. However, in the case of Exchange Server, the fix is ​​on the part of the administrators of the affected servers.