Security News Over 100 vulnerabilities found in Microsoft 365 as SketchUp is added

Gandalf_The_Grey

Level 79
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,845
What you need to know
  • Cybersecurity firm Zscaler discovered 117 vulnerabilities affecting the Microsoft 365 suite, pinpointing SketchUp as the root cause of these issues.
  • Microsoft issued patches for these issues, but the researchers claim they could still bypass the fixes.
  • SketchUp is temporarily disabled in the Microsoft 365 suite as Microsoft works on a permanent resolution.
An emerging report by a cybersecurity firm dubbed Zscaler has uncovered over a hundred vulnerabilities in Microsoft 365. The report further details that the recent inception of SketchUp into the platform is the root cause of these problems.

For those not conversant with SketchUp (SKP) files, they are a 3D model file format developed in the early 2000s, though Microsoft integrated it into its cloud-based productivity tools last year.

The researchers disclosed that they had been looking into the platform for a period of three months. It was during this time that they were able to identify 117 unique vulnerabilities and security flaws impacting Microsoft 365 apps.
 
F

ForgottenSeer 103564

Microsoft 365 Apps is a suite of productivity tools that includes the following apps and services offered by Microsoft through a subscription service:-

  • Microsoft Teams
  • OneDrive
  • SharePoint
  • PowerPoint
  • Outlook
  • Word
  • Excel
  • Microsoft Office
  • Microsoft OneNote
  • Microsoft Access
  • Microsoft Publisher
  • Microsoft Exchange Server
  • Skype for Business
  • Power BI
  • Microsoft Visio
  • Microsoft Lists
  • Yammer
  • Microsoft Project
  • Skype
Hackers often target these applications because they are widely used in business environments, providing a large potential attack surface, and successful compromises can provide access to sensitive information and corporate networks.

When Microsoft introduced support for SketchUp (SKP) files in June 2022, it unintentionally revealed 117 vulnerabilities in Microsoft 365 apps.

The cybersecurity analysts at the ThreatLabz research team discovered all these vulnerabilities.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top