Four security vulnerabilities were found in Microsoft Office by CPR

CPR discovered vulnerable functions inside MSGraph. Similar code checks confirmed that the vulnerable function was commonly used across multiple different Microsoft Office products, such as Excel, Office Online Server and Excel for OSX.

Gamaredon group targets Microsoft Outlook and Office, ESET

The latest tools inject malicious macros or references to remote templates into existing documents on the attacked system, which is a very efficient way of moving within an organization’s network, as documents are routinely shared amongst colleagues.