MS Office vulnerabilities, unexplained outage puts Microsoft in a tough spot

The biggest software company in the world, Microsoft has had a rough month with significant spikes in targeted malware attacks and an out-of-the-blue Office 365 outage that threw enterprises out of gear all over the globe. 


Close on the heels of a report indicating a 33 percent spike in malware attacks targeting MS Word documents, a massive Office 365 outage hit multiple geographies, creating login and server connection failures.

The outage stopped users from signing into the 365 portal and accessing Microsoft’s cloud services. Users were irked by Microsoft’s remedy asking users to access the admin centre when they weren’t even able to sign in. Users also reported that they weren’t able to get hold of Microsoft support.

Microsoft issued a statement saying: “We’ve determined that an authentication issue is preventing users from accessing the Office365 service. This issue is limited to the APAC and EMEA regions and we’re working to resolve it.”

Alarming spike in malware exploiting Office vulnerabilities

Cybersecurity research firm WatchGuard, in its Q4 2017 report, pointed out that malware attacks exploiting Microsoft Word vulnerabilities witnessed a 33 percent growth.

The quarter witnessed a large increase in malicious Office documents. With respect to malware leveraging software vulnerabilities, Germany at 71 percent claimed top spot, while China and the US witnessed 62 percent and 37.7 percent respectively.

Termed 'macro-less malware' attacks or Dynamic Data Exchange (DDE) attacks, these malicious Word documents predominantly use Powershell to infect networks.

WatchGuard’s report disclosed that cyber criminals are leveraging malicious documents to deceive users into installing malware. The report goes on to highlight how zero day malware attacks rose by a whopping 167 percent, thus indicating cyber thugs using increasingly complicated malware evasion techniques.

Earlier this week, Microsoft announced new security measures to protect Office 365 customers against cyber-attacks.

Among its new initiatives, the company has enabled file recovery from malicious attacks – a huge boon to users targeted by ransomware, and advanced protection from evolved viruses.

The new rollout enables users to use the 'Files Restore' feature from their OneDrive for Business to their personal OneDrive account.

Microsoft customers can now restore their entire OneDrive content to an earlier point in time within the last 30 days. This feature can be an absolute lifesaver during ransomware attacks and file corruption.