Source Code of an Office Component has been lost by Microsoft

Experts joined this conclusion this week after Microsoft reinforced a security vulnerability tracked as CVE-2017-11882 that affected EQNEDT32.EXE the equation editor that was composed of the Microsoft Office suite until 2007.

While Microsoft has restored the old EQNEDT32.EXE part with a new one in 2007, the older file is still involved with all Office installations to allow users to store and edit equations created with the old component.

Researchers at cyber-security firm Embedi found a flaw in this component over the season. The bug got a lot of media concentration because it allowed silent attacks on all Microsoft Office and Windows versions published in the past 17 years with no user interaction.

While most confidence experts looked at the Embedi 20-page report for organizations on the bug, one particular business looked at the way Microsoft patched the bug in Office.

Experts from 0patch who run a stage for instantly distributing, applying, and eliminating microscopic binary patches noticed that the covered EQNEDT32.EXE file was almost equal to the old one.

“Have you ever met a C/C++ compiler that would put all roles in a 500+ KB executable on exactly the same behavior in the module after repairing a modified source code, especially when these modifications changed the amount of code in several functions?” 0patch experts asked rhetorically.

When programmers modify the source code and select a new binary, the compiler restricts the memory addresses of functions when the binary is compiled. This creates a somewhat distinct binary every time.

The only way the new EQNEDT32.EXE stayed so related to its previous version was if Microsoft engineers manually edited the binary itself.

An organization like Microsoft that has solid and complex software improvement and security practices in place would never deem manually binary editing as acceptable.

The only way this occurred is if Microsoft somehow lost the source code of a long-abandoned Office component.

Embedi researchers pointed out that the segment age is what attracted them to hunt for bugs inside it in the first place.

“The element was compiled on 11/9/2000,” the Embedi team pointed out. “Without any further recompilation, it was used in the later version of Microsoft Office. It seems that the element was developed by Design Science Inc. However, later the individual rights were purchased by Microsoft.”

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients