News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation

    Home Forums AskWoody blog Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation

    This topic contains 13 replies, has 6 voices, and was last updated by  rc primak 1 year, 10 months ago.

    • Author
      Posts
    • #153301 Reply

      woody
      Da Boss

      I thought we got over the Office macro malware blues back in the 90s. Nope. All of that high-powered native document intelligence is coming back to bi
      [See the full post at: Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation]

      4 users thanked author for this post.
    • #153311 Reply

      MrJimPhelps
      AskWoody_MVP

      I guess if you have to run any MS Office products, don’t ever allow it to update links or run macros.

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
    • #153313 Reply

      Seff
      AskWoody Plus

      People here often say “Don’t enable editing”, but how else can you alter or print a document? If there’s a safer way of doing so without e.g. switching products (I personally found Open Office to be incompatible with my then work when I tried it) then perhaps someone could kindly put forward a brief guide? I’m sure it would make a useful article.

      • #153316 Reply

        zero2dash
        AskWoody Lounger

        Woody mentioned (in a previous but related post) that Office Online doesn’t have these vulnerabilities, which does make sense. (More sense than most things related to MS.)
        There is some free functionality with Office Online for anyone, even those without an active O365 subscription. You have to upload your files to OneDrive to then be able to open them in Office Online, but otherwise – you should be able to use that to ‘get around’ these vulnerabilities, if LO/OOo/GDocs do not meet your requirements.

        3 users thanked author for this post.
        • #153318 Reply

          Seff
          AskWoody Plus

          Thanks for that Zero, but my immediate reaction is that copying all my files and documents to a separate MS storage site is kind of swapping one potential security concern for another! That’s only based on the briefest of Google research, however, so I’ll look into it a little more. Thanks again.

          • #153319 Reply

            zero2dash
            AskWoody Lounger

            I would give LibreOffice [Fresh] a shot; I’ve had better luck with LO keeping MS Office formatting intact than with Apache OpenOffice. (Other people swear by Kingsoft WPS Office, so that would be a second option if LO doesn’t fit the bill.)

            3 users thanked author for this post.
            • #153610 Reply

              rc primak
              AskWoody_MVP

              Plus One for recommending WPS Office, formerly known as Kingsoft Office. Compatibility with native MS Office formats is better, though not perfect. It’s free for personal use, so there’s no risk in trying it.

              -- rc primak

          • #153320 Reply

            PKCano
            Da Boss

            I’ve had better compatibility with Libre Office. One thing you have to watch is the fonts. MS doesn’t embed fonts unless you make a point in doing so (which makes the file bigger). So if you open a MS created document, the font may be different from the original.

            3 users thanked author for this post.
            • #153386 Reply

              MrJimPhelps
              AskWoody_MVP

              I always use Calibri font when I type in MS Word; but this font is not available in Libre Office Writer.

              However, if I create a document in Word, then open it in Writer, the document remains in Calibri in Writer.

              I’m using Windows 7 / 8.1 and Linux Mint 18.2, if that means anything for this issue.

              Group "L" (Linux Mint)
              with Windows 8.1 running in a VM
              1 user thanked author for this post.
            • #153387 Reply

              PKCano
              Da Boss

              Do you have Word set to embed fonts? If so, the Calibre font is stored in the document and will appear in Libre Office even if it is not available for creating a document.

              1 user thanked author for this post.
            • #153426 Reply

              MrJimPhelps
              AskWoody_MVP

              I don’t know; maybe I do. If so, it was pure good luck on my part, not anything intentional. I say “good luck” because the Calibri font is my favorite font, and it’s not natively available in Linux Mint.

              Group "L" (Linux Mint)
              with Windows 8.1 running in a VM
            • #153611 Reply

              rc primak
              AskWoody_MVP

              You might have better font compatibility in WPS Office. They try to stay in step with MS Office more than LibreOffice does, and fonts are one area where this shows up.

              -- rc primak

      • #153388 Reply

        woody
        Da Boss

        I’m slowly moving everything possible over to Google Docs and Sheets.

        Starting in 2018, I hope to be doing all of my day-to-day writing in Docs. My books will have to stay in Word, for the editorial and composition compatibility.

        1 user thanked author for this post.
        • #153428 Reply

          MrJimPhelps
          AskWoody_MVP

          I’m slowly moving everything possible over to Google Docs and Sheets.

          Starting in 2018, I hope to be doing all of my day-to-day writing in Docs.

          Well, that should increase your readership some — all of those folks at Google who scan through the docs and emails that people create and work on in Google Docs, Gmail, and other Google “free” products — they will now be reading what you are writing!

          Group "L" (Linux Mint)
          with Windows 8.1 running in a VM

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.