Microsoft Office: In the line of fire

Discussion in 'other security issues & news' started by itman, May 7, 2017.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    At least someone is starting to talk about the "problem"
    https://www.scmagazine.com/microsoft-office-in-the-line-of-fire/article/652209/
     
  2. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    This might help. I'm not sure, since the last Office I used was 2k, whether macro scripting is enabled by default or not. I doubt it, especially in the x64 version. Saying that 0day is a threat applies to every product, not only Office. What MS could do is add an additional check for when a script/document tries to load external resources, e.g. a payload, and inform the user before any connections are made. That's not 100% perfect but good enough.
     
  3. itman

    itman Registered Member

    FYI
    https://www.cybersecurity-help.cz/blog/303.html
     
  4. itman

    itman Registered Member

    Macros have been disabled for some time by default in Word; at least since Office 2010.

    Problem is many businesses use them, so of course macros would be enabled. Also phishing e-mails, especially spear-phishing ones, are still quite successful in getting users to enable them.
     
  5. CHEFKOCH

    CHEFKOCH Registered Member

    I have to laugh at this, it's incredible. MS gets blamed because some other corps are still using known insecure (and by default disabled) functions, and then they complain? If they can't protect themselves against drive-bys, I would rather blame the IT guy instead, because he did not do a good job.

    There are only two options: offer or not offer a function. It's like offering a car and then expecting that you never need to fill your tank again. Such things are known and need to be maintained by the user. If I were MS, I would remove the entire macro thingy right now, and then you can wait for people to complain because MS removed that function ... Ridiculous.
     
  6. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  7. itman

    itman Registered Member

  8. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Most secure version of Office is UWP Office. Low integrity / CFG process.
    Source: https://twitter.com/dwizzzleMSFT/status/860993709181095936

    Source: https://twitter.com/dwizzzleMSFT/status/860994283792285697

    Source: https://twitter.com/dwizzzleMSFT/status/860997287350198272

    Although not that great for power users, the majority of home users could benefit greatly from this. Free for small devices. Requires 365 sub for laptops and desktops.
     
  9. itman

    itman Registered Member

    Per the Twitter feed, you don't have to worry about macro-based malware since this version doesn't support macros.

    Really don't know what is meant by "fully sandboxed?" All Win store apps run in AppContainer. All Office vers. past 2010 run in AppContainer. Perhaps Win 10 S has additional sandboxing capability? In any case, hell will have to freeze over first before I ever buy a subscription for anything Microsoft produces.
     
  10. itman

    itman Registered Member

    Here's my solution to the current MS Office malware malaise. It definitely is not "rocket science" and for the life of me, don't know why MS has not done this.

    For any .doc received from the Internet, i.e. one that has the "Mark of the Web," any currently supported MS Office ver. is upgraded as follows. When opened outside of the existing "protected mode," it is opened by default in a "safe editing" mode. This mode will perform the following, which parallels the features provided by most existing e-mail client software:

    1. All macros and VBA scripting are disabled and cannot be enabled by any means.
    2. All active content within the .doc file is disabled. That is, all links are converted to corresponding text representation i.e. http/s: format but cannot be executed directly from the .doc file.
    3. All icons are likewise disabled.
    4. Any other non-text data such as .rtf, .lnk, etc. files are disabled from opening.

    In other words, only text data will be displayed and editable. Upon saving the .doc file, the "Mark of the Web" imprint is retained and other disabled content restored. This will enable the .doc file to be resent to the sender in its original format.
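
    The checks discussed in this thread (Mark of the Web, macros, external resources) can be approximated today as a triage step on the defender's side. The following is an added example, not part of the original posts and not Microsoft code: it reads the ZoneId from the text of a file's `Zone.Identifier` stream and lists the macro project and external relationship targets in an OOXML package. It assumes OOXML (.docx/.docm) rather than legacy .doc, and `zone_id`, `active_content`, `triage` and `build_sample` are hypothetical names.

```python
import configparser
import io
import re
import zipfile

INTERNET_ZONE = 3  # URLZONE_INTERNET; 4 is Restricted Sites

def zone_id(stream_text):
    """ZoneId from the text of a file's Zone.Identifier stream, or None."""
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(stream_text)
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def active_content(package):
    """Macro projects and external relationship targets in an OOXML package."""
    found = []
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        for name in z.namelist():
            if name.lower().endswith("vbaproject.bin"):
                found.append(("macro", name))
            elif name.endswith(".rels"):
                xml = z.read(name).decode("utf-8", "replace")
                for rel in re.findall(r"<Relationship\b[^>]*>", xml):
                    if 'TargetMode="External"' in rel:
                        m = re.search(r'\bTarget="([^"]*)"', rel)
                        found.append(("external", m.group(1) if m else ""))
    return found

def triage(stream_text, package):
    """from_web is True when ZoneId >= Internet; disable lists what to strip."""
    zid = zone_id(stream_text or "")
    return {"from_web": zid is not None and zid >= INTERNET_ZONE,
            "disable": active_content(package)}

def build_sample():
    """Constructed sample: minimal macro-enabled package with one hyperlink."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00")
        z.writestr("word/_rels/document.xml.rels", '<Relationships><Relationship '
                   'Id="rId1" Target="https://example.test/" TargetMode="External"/>'
                   '</Relationships>')
    return buf.getvalue()

if __name__ == "__main__":
    print(triage("[ZoneTransfer]\r\nZoneId=3\r\n", build_sample()))
```

    On NTFS the stream text can be read by opening the path with `:Zone.Identifier` appended; a file with no such stream has no Mark of the Web.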
     