Do you have this program on your computer? The military issued an urgent message

The Cyberspace Defense Component Command has warned of a serious security flaw in the popular Microsoft Office office suite. The vulnerability is used by cybercriminals to attack public institutions in Poland and other Central and Eastern European countries. The military calls for an immediate software update.

As indicated in the X platform announcement, users of Microsoft Office 2016 and 2019 versions should immediately install available security patches. After updating, you need to restart the package.

How does the attack work?

According to information provided by DKWOC, cybercriminals prepare a crafted file – usually a Word document – and send it by e-mail. Once opened, a Microsoft Office security vulnerability is exploited, which allows the user to bypass the manufacturer’s default protection mechanisms.

As a result, malware is installed on the victim’s device. It may allow you to take control of your computer or smartphone and steal your data.

Importantly, infected files are sent from previously compromised e-mail accounts of employees of state institutions from countries in the region, including: Ukraine and Romania. The content of the message is matched to the business profile of the sender and recipient, which increases its credibility and makes it more difficult to detect fraud.

Precise victim selection

The Cyberspace Defense Forces emphasize that the perpetrators carefully select the institutions and specific people whose devices they want to infiltrate. They also seek to reduce the risk of detection to maintain a long-term presence on infected systems.

At the end of January, Microsoft announced that the vulnerability affected the following versions:

• Microsoft Office 2016,

• Microsoft Office 2019,

• Microsoft Office LTSC 2021,

• Microsoft Office LTSC 2024,

• Microsoft 365 Apps for Enterprise.

Phishing campaign and spy threads

The Ukrainian computer emergency response team CERT-UA also reported exploitation of this vulnerability. The first active use of the vulnerability was recorded on January 29 – three days after Microsoft published and implemented the emergency update.

According to findings quoted by cyberdefence24.pl, the vulnerability was used in real attacks by a group associated with Russian intelligence services. The victims were primarily state institutions and organizations of strategic importance in Central and Eastern Europe, including administrative units of Ukraine, Slovakia and Romania.

Experts point out that profiling messages and using local languages ​​may indicate espionage activities aimed at obtaining political and strategic information.

The military is urging all users of affected versions of Microsoft Office to urgently install security updates.