Microsoft has released an update for an Office component that is used to edit Word equations. The software had a security breach that allowed it to execute commands when opening an Office document, even in the latest versions of the office suite distributed to Office 365 subscribers. The vulnerability went unnoticed for 17 years, but was discovered by Embedi security company.
The crash was reported to Microsoft in March, but the problem was only fixed last Tuesday (14). The vulnerable file, called “EQNEDT32.EXE,” is no longer used in recent versions of Office, but you must keep it available for compatibility with documents created in older versions of the software.
According to Embedi, Word’s protected mode, used to open documents downloaded from the internet, prevents the exploit from crashing. If the user authorizes Word to leave protected mode, however, the problem can be exploited and the result is contamination of the computer with a virus.
0patch security experts reviewed the update distributed by Microsoft and speculated that Microsoft apparently did not edit the source code of the software to correct the problem. Instead, some very skilled programmer edited the file directly to fix it.
Making changes in this way requires certain “offsets” in the code. Without them, the program may stop working. To reduce the number of changes required, it is imperative that any modifications do not take up more space than the replaced part. And that’s exactly what the Microsoft programmer did: none of the changes takes up more space than the previous code.
When changes are made to the source code, the file is mounted by another software (called “compiler”) that takes care of all structure and low-level code automatically. But in this case, it appears that the breach has not been corrected in this way, because there is no evidence that a compiler has reassembled the file.