Recent statistics from Vietnamese cybersecurity corporation Bkav indicate that nearly four million computers in Vietnam are susceptible to virus attacks due to the absence of necessary patches for a security vulnerability.
On Friday, Bkav issued a cautionary statement highlighting the severity of the security vulnerability, identified as CVE-2023-21716, found in the Microsoft Office suite.
The vulnerability, rated near maximum severity with a score of 9.8 out of 10, has the potential to enable remote code execution on targeted devices.
Exploiting this security vulnerability, hackers will have the ability to launch extensive virus infection campaigns.
By doing so, they can remotely gain control over the compromised devices, collect and encrypt data, as well as download and execute additional malicious software.
Cybercriminals trick users into downloading a Word file embedded with a malicious Rich Text Format (RTF).
This allows them to exploit the vulnerability effectively, so that even when users do not open Word documents but simply view them in preview mode, they can still fall victim to these attacks.
Despite the availability of patches for the security vulnerability since February 2023, Bkav’s statistics reveal that approximately four million computers that have not been patched in Vietnam remain vulnerable to virus attacks.
According to Nguyen Tien Dat, general director of Bkav’s malware research center, vulnerabilities like this one are highly appealing to hackers due to their presence in widely used text file formats.
He further mentioned that updating the patch for devices lacking automatic updates is not a straightforward process, and not everyone possesses the necessary knowledge or capability to do so.
To mitigate the risk of being targeted, security experts advise users to promptly update their systems with the latest patch provided by Microsoft.
Additionally, caution is advised when handling suspicious emails.
Users should carefully examine the sender’s email address and exercise care when clicking on links or opening attachments.