Your Microsoft Office documents may be hiding serious security vulnerabilities
Despite Microsoft’s efforts, Office documents are still one of the most common ways to exploit software bugs and deploy malware to vulnerable endpoints, experts claim.
A report from Cofense says the ubiquity of Microsoft Office in the workplace has made it one of the most popular attack vectors. Threat actors use Office documents in a variety of ways, some of which are super simple, while others are extremely sophisticated.
Simple ways include sharing a link or a simple QR code in the document. These links point to malware hosted all over the Internet.
Errors and macros
More complex exploits use known vulnerabilities, such as CVE-2017-11882 and CVE-2017-0199, both discovered and patched in 2017.
The first is described as a memory corruption vulnerability in Office and takes advantage of Office’s integrated equation editor, which allows LaTeX graphical math equations to be displayed in a document.
The second, the Office/WordPad Remote Code Execution (RCE) Vulnerability, allows malformed Microsoft HTML Application (HTA) files embedded in RTF (rich text) files to execute remote code that retrieves payloads from external sources.
Oddly enough, Cofense also mentions macros, an algorithmic logic feature that Microsoft essentially killed in Office months ago. A macro in an Office document is a series of instructions that automates repetitive tasks. These instructions are recorded or written in the Visual Basic for Applications (VBA) programming language in Microsoft Office products and can be executed to complete tasks quickly and efficiently.
Since macros were essentially the default way of spreading malware, Microsoft recently disabled them by default, forcing users to click through multiple warnings before they could run them.
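For defenders, the embedded-object RTF files and macro-carrying documents described above can be flagged with a static check before anyone opens them. The sketch below is an added example, not code from Cofense or Microsoft; the function names, finding labels and sample files are constructed for illustration.

```python
import io
import zipfile

# RTF control words that embed or auto-update OLE objects.
RTF_OBJECT_WORDS = (b"\\objdata", b"\\objemb", b"\\objautlink", b"\\objupdate")
EQUATION_CLASS = b"Equation.3"  # OLE class name of the legacy Equation Editor


def triage(data):
    """Return static findings for one document's raw bytes (payloads are not parsed)."""
    findings = []
    if data[:4] == b"PK\x03\x04":  # OOXML files (docx, docm, xlsm, ...) are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names = archive.namelist()
        except zipfile.BadZipFile:
            return ["ooxml:unreadable-archive"]
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            findings.append("ooxml:vba-macros")
    elif data.lstrip()[:4] == b"{\\rt":  # RTF header
        lower = data.lower()
        findings += ["rtf:" + w[1:].decode() for w in RTF_OBJECT_WORDS if w in lower]
        # The class name appears in clear after \objclass or hex-encoded inside \objdata.
        if EQUATION_CLASS.lower() in lower or EQUATION_CLASS.hex().encode() in lower:
            findings.append("rtf:equation-editor-object")
    return findings


def build_ooxml(member_names):
    """Constructed sample: a ZIP with empty members, standing in for a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in member_names:
            archive.writestr(name, b"")
    return buf.getvalue()


# Constructed, inert samples (no real payloads).
SAMPLES = {
    "report.docx": build_ooxml(["[Content_Types].xml", "word/document.xml"]),
    "invoice.docm": build_ooxml(["[Content_Types].xml", "word/vbaProject.bin"]),
    "plain.rtf": rb"{\rtf1\ansi Hello}",
    "object.rtf": rb"{\rtf1{\object\objemb\objupdate{\*\objclass Equation.3}{\*\objdata 00}}}",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage(blob) or "no findings")
```

An empty result only means none of these markers were seen: legacy binary .doc/.xls files and RTF that splits or obfuscates its control words need a dedicated parser.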