Security News Over 100 vulnerabilities found in Microsoft 365 as SketchUp is added

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,601
Content source
https://www.windowscentral.com/software-apps/office-365/over-100-vulnerabilities-found-in-microsoft-365-as-sketchup-is-added
What you need to know
  • Cybersecurity firm Zscaler discovered 117 vulnerabilities affecting the Microsoft 365 suite, pinpointing SketchUp as the root cause of these issues.
  • Microsoft issued patches for these issues, but the researchers claim they could still bypass the fixes.
  • SketchUp is temporarily disabled in the Microsoft 365 suite as Microsoft works on a permanent resolution.
An emerging report by a cybersecurity firm dubbed Zscaler has uncovered over a hundred vulnerabilities in Microsoft 365. The report further details that the recent inception of SketchUp into the platform is the root cause of these problems.

For those not conversant with SketchUp (SKP) files, they are a 3D model file format developed in the early 2000s, though Microsoft integrated it into its cloud-based productivity tools last year.

The researchers disclosed that they had been looking into the platform for a period of three months. It was during this time that they were able to identify 117 unique vulnerabilities and security flaws impacting Microsoft 365 apps.
Click to expand...
www.windowscentral.com

Over 100 vulnerabilities found in Microsoft 365 as SketchUp is added

SketchUp's integration wasn't exactly smooth sailing.
www.windowscentral.com www.windowscentral.com
 
  • Like
  • +Reputation
  • Wow
Reactions: Nevi, CyberTech, Andy Ful and 8 others
F

ForgottenSeer 103564

Microsoft 365 Apps is a suite of productivity tools that includes the following apps and services offered by Microsoft through a subscription service:-

  • Microsoft Teams
  • OneDrive
  • SharePoint
  • PowerPoint
  • Outlook
  • Word
  • Excel
  • Microsoft Office
  • Microsoft OneNote
  • Microsoft Access
  • Microsoft Publisher
  • Microsoft Exchange Server
  • Skype for Business
  • Power BI
  • Microsoft Visio
  • Microsoft Lists
  • Yammer
  • Microsoft Project
  • Skype
Hackers often target these applications because they are widely used in business environments, providing a large potential attack surface, and successful compromises can provide access to sensitive information and corporate networks.

When Microsoft introduced support for SketchUp (SKP) files in June 2022, it unintentionally revealed 117 vulnerabilities in Microsoft 365 apps.

The cybersecurity analysts at the ThreatLabz research team discovered all these vulnerabilities.
Click to expand...
gbhackers.com

117 Vulnerabilities Discovered in Microsoft 365 Apps

Microsoft 365 Apps is a suite of productivity tools that includes the following apps and services offered by Microsoft.
gbhackers.com
 
Last edited by a moderator:
  • Wow
  • Like
  • HaHa
Reactions: Nevi, silversurfer, CyberTech and 5 others

Similar threads

enaph
    • Hundred Points
    • Like
    • Applause
Privacy News EC's use of Microsoft 365 violates data-privacy rules, watchdog group says
Replies
0
Views
700
Security News
enaph
enaph
S
New Microsoft guidance for the DoD Zero Trust Strategy
Replies
1
Views
151
Microsoft Defender
Bot
Bot
Gandalf_The_Grey
    • +Reputation
    • Like
    • Applause
Technology Microsoft will unbundle Teams from Microsoft 365 and Office 365
Replies
5
Views
858
Technology News
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top