TechRadar
Sead Fadilpašić

Your Microsoft Office documents might be hiding some serious security worries


Despite Microsoft’s best efforts, Office documents are still one of the most common ways to exploit software flaws and deploy malware on vulnerable endpoints, experts have claimed.

A report from Cofense says Microsoft Office’s omnipresence in the workforce has made it one of the most popular attack vectors. Threat actors are using Office documents in different ways, some of which are super simple, while others are extremely advanced.

Simple ways include sharing a link, or a simple QR code, in the document. These links would point to malware hosted anywhere on the internet.

Flaws and macros

More complex exploits leverage known vulnerabilities, such as CVE-2017-11882 and CVE-2017-0199, both of which were discovered and patched in 2017.

The first is described as a memory corruption vulnerability in Office that uses Office's integrated equation editor, which allows LaTeX graphical mathematical equations to be displayed in a document.

The second, dubbed the Office/WordPad remote code execution (RCE) vulnerability, allows malformed Microsoft HTML Application (HTA) files embedded inside RTF (rich text) files to execute remote code to retrieve payloads from remote resources.

Curiously enough, Cofense also mentions macros, an algorithmic logic feature that Microsoft essentially killed in Office months ago. A macro in an Office document is a sequence of instructions that automates repetitive tasks. These instructions are recorded or written in the Visual Basic for Applications (VBA) programming language in Microsoft Office products, and can be executed to perform tasks quickly and efficiently.

Since macros were essentially the go-to feature for malware distribution, Microsoft recently disabled them by default and forced users to jump through multiple warning hoops before being able to run them.
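As an added illustration (not code from Cofense or TechRadar), the sketch below statically triages a modern Office file for three of the carriers described above: external link targets, embedded equation editor objects and a VBA macro project. It covers only zip-based OOXML files (.docx, .docm, .xlsx and so on), not RTF or legacy binary formats; the sample file, its URL and the `MAX_PART` size cap are constructed assumptions.

```python
import io
import re
import zipfile

MAX_PART = 5 * 1024 * 1024  # assumption: skip oversized parts instead of inflating them

def triage_ooxml(data: bytes) -> dict:
    """Inspect an OOXML container without opening it in Office."""
    report = {"vba_project": False, "external_targets": [], "ole_prog_ids": [], "skipped": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith("vbaproject.bin"):
                report["vba_project"] = True  # the file carries VBA macros
            elif info.file_size > MAX_PART:
                report["skipped"].append(info.filename)
            elif name.endswith(".rels"):
                text = zf.read(info).decode("utf-8", "replace")
                for tag in re.findall(r"<Relationship\b[^>]*>", text):
                    attrs = dict(re.findall(r'(\w+)="([^"]*)"', tag))
                    # External relationships point outside the package (links, remote content)
                    if attrs.get("TargetMode") == "External":
                        report["external_targets"].append(attrs.get("Target"))
            elif name.endswith(".xml"):
                text = zf.read(info).decode("utf-8", "replace")
                # Embedded OLE objects name their handler; Equation.3 is the legacy equation editor
                report["ole_prog_ids"] += re.findall(r'\bProgID="([^"]+)"', text)
    return report

def build_sample(clean: bool = False) -> bytes:
    """Constructed sample: a minimal zip with the parts of interest, not a valid Word file."""
    rels = ('<Relationships><Relationship Id="rId2" Type="styles" Target="styles.xml"/>'
            + ('' if clean else '<Relationship Id="rId1" Type="hyperlink" '
               'Target="https://example.invalid/invoice" TargetMode="External"/>')
            + '</Relationships>')
    body = '<w:p/>' if clean else '<o:OLEObject Type="Embed" ProgID="Equation.3" r:id="rId3"/>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
        zf.writestr("word/document.xml", "<w:document>" + body + "</w:document>")
        if not clean:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not a real VBA project")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_ooxml(build_sample()))
```

A hit on any field is a reason to route the file to sandboxing or manual review, not a verdict: ordinary documents also contain hyperlinks and embedded objects.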
