Microsoft admits exposing millions of MS Office passwords



Sensitive user information has been compromised following a memory leak vulnerability in Microsoft Office.

The flaw was first discovered by Mimecast Research Labs back in November 2018. The lab detected it using its targeted threat protection technology. The Israel-based company Mimecast has published an in-depth analysis of the flaw, which revealed that the memory leak was caused by millions of Microsoft Office files that include ActiveX controls.

The memory leak vulnerability in Microsoft Office has been resolved by the January 2019 security updates. Microsoft has already confirmed the memory leak issue and mentioned that it affected Office 2010, Office 2013, Office 2016, Office 2019, and Office 365 ProPlus.

Who could have exploited the vulnerability?

Anyone who is able to exploit this vulnerability successfully can easily get access to users’ systems. Attackers will get access to the sensitive information that is required to bypass Address Space Layout Randomization. The information can also be used to get access to certificates, passwords, user/domain information and HTTP requests, all of which are stored in memory.

One of the major issues associated with this vulnerability is that users are continuously disclosing sensitive information without their consent. Attackers can exploit that information while users are creating, opening, editing or saving documents.


Microsoft took the necessary steps to fix the issue

Mimecast Research Labs and Microsoft collaborated on a responsible disclosure of the vulnerability. Microsoft should be appreciated for admitting the memory leak rather than hiding it from users until it was too late. Mimecast Research Labs has also done a great job by actively working on the resolution rather than simply criticising the memory leak vulnerability in Microsoft Office. The lab has not reported any actual exploitation of users’ sensitive information.

The fact that a major vulnerability has been reported in trusted application software owned by a tech giant is indeed worrisome. This should push Microsoft to take further measures to protect the information of millions of loyal users, who have been using the company’s products for personal and professional purposes for decades.

The growing number of cybersecurity attacks has recently affected big names and government departments all over the world. Experts recommend that users buy premium security solutions for their systems to detect any suspicious activity in the background.

