• Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation

    Home » Forums » Newsletter and Homepage topics » Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation

    Tags:

    Author
    Topic
    woody
    Manager
    December 19, 2017 at 3:02 pm #153301

    I thought we got over the Office macro malware blues back in the 90s. Nope. All of that high-powered native document intelligence is coming back to bi
    [See the full post at: Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation]

    4 users thanked author for this post.
    SueW, walker, MrBrian, AJNorth
    Reply | Quote
    Viewing 1 reply thread
    Author
    Replies
    • MrJimPhelps
      AskWoody MVP
      December 19, 2017 at 3:55 pm #153311

      I guess if you have to run any MS Office products, don’t ever allow it to update links or run macros.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
      Reply | Quote
    • Seff
      AskWoody Plus
      December 19, 2017 at 4:14 pm #153313

      People here often say “Don’t enable editing”, but how else can you alter or print a document? If there’s a safer way of doing so without e.g. switching products (I personally found Open Office to be incompatible with my then work when I tried it) then perhaps someone could kindly put forward a brief guide? I’m sure it would make a useful article.

      Reply | Quote
      • zero2dash
        AskWoody Lounger
        December 19, 2017 at 4:27 pm #153316

        Woody mentioned (in a previous but related post) that Office Online doesn’t have these vulnerabilities, which does make sense. (More sense than most things related to MS.)
        There is some free functionality with Office Online for anyone, even those without an active O365 subscription. You have to upload your files to OneDrive to then be able to open them in Office Online, but otherwise – you should be able to use that to ‘get around’ these vulnerabilities, if LO/OOo/GDocs do not meet your requirements.

        3 users thanked author for this post.
        HiFlyer, woody, Seff
        Reply | Quote
        • Seff
          AskWoody Plus
          December 19, 2017 at 4:44 pm #153318

          Thanks for that Zero, but my immediate reaction is that copying all my files and documents to a separate MS storage site is kind of swapping one potential security concern for another! That’s only based on the briefest of Google research, however, so I’ll look into it a little more. Thanks again.

          Reply | Quote
          • zero2dash
            AskWoody Lounger
            December 19, 2017 at 4:47 pm #153319

            I would give LibreOffice [Fresh] a shot; I’ve had better luck with LO keeping MS Office formatting intact than with Apache OpenOffice. (Other people swear by Kingsoft WPS Office, so that would be a second option if LO doesn’t fit the bill.)

            3 users thanked author for this post.
            rc primak, HiFlyer, Seff
            Reply | Quote
            • rc primak
              AskWoody_MVP
              December 21, 2017 at 9:26 am #153610

              Plus One for recommending WPS Office, formerly known as Kingsoft Office. Compatibility with native MS Office formats is better, though not perfect. It’s free for personal use, so there’s no risk in trying it.

              -- rc primak

              Reply | Quote
          • PKCano
            Manager
            December 19, 2017 at 4:51 pm #153320

            I’ve had better compatibility with Libre Office. One thing you have to watch is the fonts. MS doesn’t embed fonts unless you make a point in doing so (which makes the file bigger). So if you open a MS created document, the font may be different from the original.

            3 users thanked author for this post.
            rc primak, HiFlyer, Seff
            Reply | Quote
            • MrJimPhelps
              AskWoody MVP
              December 20, 2017 at 7:12 am #153386

              I always use Calibri font when I type in MS Word; but this font is not available in Libre Office Writer.

              However, if I create a document in Word, then open it in Writer, the document remains in Calibri in Writer.

              I’m using Windows 7 / 8.1 and Linux Mint 18.2, if that means anything for this issue.

              Group "L" (Linux Mint)
              with Windows 10 running in a remote session on my file server
              1 user thanked author for this post.
              rc primak
              Reply | Quote
            • PKCano
              Manager
              December 20, 2017 at 7:16 am #153387

              Do you have Word set to embed fonts? If so, the Calibre font is stored in the document and will appear in Libre Office even if it is not available for creating a document.

              1 user thanked author for this post.
              woody
              Reply | Quote
            • MrJimPhelps
              AskWoody MVP
              December 20, 2017 at 12:19 pm #153426

              I don’t know; maybe I do. If so, it was pure good luck on my part, not anything intentional. I say “good luck” because the Calibri font is my favorite font, and it’s not natively available in Linux Mint.

              Group "L" (Linux Mint)
              with Windows 10 running in a remote session on my file server
              Reply | Quote
            • rc primak
              AskWoody_MVP
              December 21, 2017 at 9:29 am #153611

              You might have better font compatibility in WPS Office. They try to stay in step with MS Office more than LibreOffice does, and fonts are one area where this shows up.

              -- rc primak

              Reply | Quote
      • woody
        Manager
        December 20, 2017 at 7:55 am #153388

        I’m slowly moving everything possible over to Google Docs and Sheets.

        Starting in 2018, I hope to be doing all of my day-to-day writing in Docs. My books will have to stay in Word, for the editorial and composition compatibility.

        1 user thanked author for this post.
        zero2dash
        Reply | Quote
        • MrJimPhelps
          AskWoody MVP
          December 20, 2017 at 12:22 pm #153428
          woody wrote:

          I’m slowly moving everything possible over to Google Docs and Sheets.

          Starting in 2018, I hope to be doing all of my day-to-day writing in Docs.

          Well, that should increase your readership some — all of those folks at Google who scan through the docs and emails that people create and work on in Google Docs, Gmail, and other Google “free” products — they will now be reading what you are writing!

          Group "L" (Linux Mint)
          with Windows 10 running in a remote session on my file server
          Reply | Quote
    Viewing 1 reply thread
    Reply To: Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.