Despite Microsoft’s best efforts, Office documents are still one of the most common ways to exploit software flaws and deploy malware on vulnerable endpoints, experts have claimed.
A report from Cofense says Microsoft Office’s omnipresence in the workforce has made it become one of the most popular attack vectors. Threat actors are using Office documents in different ways, some of which are super simple, while others are extremely advanced.
Simple ways include sharing a link, or a simple QR code, in the document. These links would point to malware hosted anywhere on the internet.
Flaws and macros
More complex exploits leverage known vulnerabilities, such as CVE-2017-11882, and CVE-2017-0199, both of which were discovered, and patched, in 2017.
The first one is described as a memory corruption vulnerability in Office, and utilizes the Office integrated equation editor, which allows LaTeX graphical mathematical equations to be displayed in a document.
The second dubbed the Office/WordPad remote code execution vulnerability (RCE) , allows embedded malformed Microsoft HTML Applications, or HTA, files inside RTF or rich text files to execute remote code to retrieve payloads from remote resources.
Curiously enough, Cofense also mentions macros, an algorithmic logic feature that Microsoft essentially killed in Office months ago. A macro in an office document is a sequence of instructions that automates repetitive tasks. These instructions are recorded or written in the Visual Basic for Applications (VBA) programming language in Microsoft Office products, and can be executed to perform tasks quickly and efficiently.
Since macros were essentially the go-to feature for malware distribution, Microsoft recently made it disabled by default, and forced users to jump through multiple warning loops before being able to run it.
More from TechRadar Pro
- Microsoft Office is now blocking macros by default
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
