For just US$2,000 you can buy a way to hack into a computer via Microsoft Office. All you need to make your own malware is the money and a willing seller on the dark web.
A recent survey by Trend Micro and reported by Dark Reading searching posts that advertised software exploits that hackers use to gain access to computers.
Well over half (61%) of the exploits were for Microsoft products. 31% targeted Microsoft Office vulnerabilities compared to 15% for Windows.
Most of the exploits advertised were less than two years old.
For a known exploit (security bug in Windows or Office) expect to pay about $2,000. A ‘zero day’ exploit is more expensive but at only $10,000 not as much as might be expected given the big opportunities available with a unpatched security hole.
Most of the offers are about exploits that Microsoft has published fixes for. The problem is that too many computers don’t get updated regularly or use older, out of support,
All this is after a decade of Microsoft promises about improved security. Promises that look increasingly hollow with a monthly parade of new security patches to say nothing of the later patches to repair damage caused by the original patch!
Sadly, the latest presentation by Microsoft’s CEO had little mention of security. Plenty of the usual buzzwords ‘empowering’ ‘partners’ ‘teamwork’ ‘monetizing’ etc when most customers just want a stable and secure platform. Instead the next major update to Windows looks like being mostly decorative, using the interface that was to be in Windows 10X, now defunct.