A 17-year-old Excel vulnerability is currently being exploited by threat actors, and it's been flagged by the US' cyber defence agency

Though the world of hacking is only getting more and more advanced, some exploits have seemingly stuck around unchanged for years. Originally filed back in February 2009, one curious vulnerability has caught the eyes of the US government.

Published in a report this week by the American Cybersecurity and Infrastructure Security Agency (CISA), a 17-year-old exploit in Microsoft Office has been flagged as being actively exploited by threat actors (via The Register). The specifics of how the exploit is carried out have not been shared, but the record was last updated in 2018, implying some new information was found almost a decade after it was first spotted.

It seemingly allows remote attackers to execute code via a specially crafted Excel document. In its first outing, this attack was used to install a Trojan dropper on a device, which would then inject further malware. The ability to install nefarious software remotely naturally makes this a rather dangerous exploit.

This exploit has a severity score of 8.8, which is very high. However, that does not automatically mean it was super popular or common: the rating is a measure of how severe the consequences of an exploit are, paired with factors like ease-of-use. But even so, a score this high means bad news.

The reason it was added to CISA's list of vulnerabilities is that it is now considered active, which implies some threat actor, or group of threat actors, has managed to use the same method today. Microsoft did patch the problem back when it first showed up, but CISA has given it two weeks to patch it once more.

Alongside this, CISA has also flagged up a brand new exploit which uses Microsoft Office SharePoint to "perform spoofing over a network." This one is less severe, at a score of 6.5, though it is considered active and is even automatable. This means the likes of AI agents can do this exploit en masse.

AI is a major driver of the growth of cybercrime, being a focal point of the nearly $21 billion lost to cybercrime scams last year. Not only have we seen AI used in the research of scams and the automation of them, but we've also seen some rather devious schemes with it, including deepfaking CEOs to prompt users to troubleshoot, only for the troubleshooting program to contain nasty files.

Just because the world is adopting AI into every approach doesn't mean that threat actors won't pull out the classics when they seemingly work so well. Some things never change.
