“Cybercriminals moved away from using Web-based vulnerabilities in favor of MS Office ones. In the past few months, MS Office, with more than 70% share of attacks, became the most targeted platform.”, explained Kaspersky team.
What’s interesting to note is that the vulnerabilities that hackers end up using in Microsoft Office are actually quite simple. They are not the most advanced components of the suite, and indeed in a lot of ways represent the very worst of what Office has to offer because of the fact that they are reasonably outdated and are not going to give you all that much in terms of the kind of experience that you are going to need from them all in all. People that author malware files have a tendency to prefer such simple means, and often target outdated code that the creators of a software failed to address in any meaningful way and have left in the overall code of the software assuming that there would be no real issue with something like this.
A script engine that is used to process files that are created using Microsoft Office products is also a frequent target for malicious actors that are looking for vulnerabilities that they can exploit.