Topic: Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation @ AskWoody

Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation

Posted on woody Comment on the AskWoody Lounge
Home › Forums › AskWoody blog › Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation

Tagged: DDE, KB 4011575, KB 4011590, KB 4011608, KB 4011612, KB 4011614, Macro obfuscation, Scriptlets
- This topic has 13 replies, 6 voices, and was last updated 2 years, 6 months ago.
Viewing 2 reply threads
- Author
  
  Posts
- - December 19, 2017 at 3:02 pm #153301 Reply
    
    woody
    Da Boss
    
    I thought we got over the Office macro malware blues back in the 90s. Nope. All of that high-powered native document intelligence is coming back to bi
    [See the full post at: Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation]
    
    4 users thanked author for this post.
    
    SueW, walker, MrBrian, AJNorth
  - December 19, 2017 at 3:55 pm #153311 Reply
    
    MrJimPhelps
    AskWoody_MVP
    
    I guess if you have to run any MS Office products, don’t ever allow it to update links or run macros.
    
    Group "L" (Linux Mint)
    with Windows 8.1 running in a VM
  - December 19, 2017 at 4:14 pm #153313 Reply
    
    Seff
    AskWoody Plus
    
    People here often say “Don’t enable editing”, but how else can you alter or print a document? If there’s a safer way of doing so without e.g. switching products (I personally found Open Office to be incompatible with my then work when I tried it) then perhaps someone could kindly put forward a brief guide? I’m sure it would make a useful article.
    - December 19, 2017 at 4:27 pm #153316 Reply
      
      zero2dash
      AskWoody Lounger
      
      Woody mentioned (in a previous but related post) that Office Online doesn’t have these vulnerabilities, which does make sense. (More sense than most things related to MS.)
      There is some free functionality with Office Online for anyone, even those without an active O365 subscription. You have to upload your files to OneDrive to then be able to open them in Office Online, but otherwise – you should be able to use that to ‘get around’ these vulnerabilities, if LO/OOo/GDocs do not meet your requirements.
      
      3 users thanked author for this post.
      
      HiFlyer, woody, Seff
      
      December 19, 2017 at 4:44 pm #153318 Reply
      
      Seff
      AskWoody Plus
      
      Thanks for that Zero, but my immediate reaction is that copying all my files and documents to a separate MS storage site is kind of swapping one potential security concern for another! That’s only based on the briefest of Google research, however, so I’ll look into it a little more. Thanks again.
      
      December 19, 2017 at 4:47 pm #153319 Reply
      
      zero2dash
      AskWoody Lounger
      
      I would give LibreOffice [Fresh] a shot; I’ve had better luck with LO keeping MS Office formatting intact than with Apache OpenOffice. (Other people swear by Kingsoft WPS Office, so that would be a second option if LO doesn’t fit the bill.)
      
      3 users thanked author for this post.
      
      rc primak, HiFlyer, Seff
      
      December 21, 2017 at 9:26 am #153610 Reply
      
      rc primak
      AskWoody_MVP
      
      Plus One for recommending WPS Office, formerly known as Kingsoft Office. Compatibility with native MS Office formats is better, though not perfect. It’s free for personal use, so there’s no risk in trying it.
      
      -- rc primak
      
      December 19, 2017 at 4:51 pm #153320 Reply
      
      PKCano
      Da Boss
      
      I’ve had better compatibility with Libre Office. One thing you have to watch is the fonts. MS doesn’t embed fonts unless you make a point in doing so (which makes the file bigger). So if you open a MS created document, the font may be different from the original.
      
      3 users thanked author for this post.
      
      rc primak, HiFlyer, Seff
      
      December 20, 2017 at 7:12 am #153386 Reply
      
      MrJimPhelps
      AskWoody_MVP
      
      I always use Calibri font when I type in MS Word; but this font is not available in Libre Office Writer.
      
      However, if I create a document in Word, then open it in Writer, the document remains in Calibri in Writer.
      
      I’m using Windows 7 / 8.1 and Linux Mint 18.2, if that means anything for this issue.
      
      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
      
      1 user thanked author for this post.
      
      rc primak
      
      December 20, 2017 at 7:16 am #153387 Reply
      
      PKCano
      Da Boss
      
      Do you have Word set to embed fonts? If so, the Calibre font is stored in the document and will appear in Libre Office even if it is not available for creating a document.
      
      1 user thanked author for this post.
      
      woody
      
      December 20, 2017 at 12:19 pm #153426 Reply
      
      MrJimPhelps
      AskWoody_MVP
      
      I don’t know; maybe I do. If so, it was pure good luck on my part, not anything intentional. I say “good luck” because the Calibri font is my favorite font, and it’s not natively available in Linux Mint.
      
      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
      
      December 21, 2017 at 9:29 am #153611 Reply
      
      rc primak
      AskWoody_MVP
      
      You might have better font compatibility in WPS Office. They try to stay in step with MS Office more than LibreOffice does, and fonts are one area where this shows up.
      
      -- rc primak
    - December 20, 2017 at 7:55 am #153388 Reply
      
      woody
      Da Boss
      
      I’m slowly moving everything possible over to Google Docs and Sheets.
      
      Starting in 2018, I hope to be doing all of my day-to-day writing in Docs. My books will have to stay in Word, for the editorial and composition compatibility.
      
      1 user thanked author for this post.
      
      zero2dash
      
      December 20, 2017 at 12:22 pm #153428 Reply
      
      MrJimPhelps
      AskWoody_MVP
      
      woody wrote:
      
      I’m slowly moving everything possible over to Google Docs and Sheets.
      
      Starting in 2018, I hope to be doing all of my day-to-day writing in Docs.
      
      Well, that should increase your readership some — all of those folks at Google who scan through the docs and emails that people create and work on in Google Docs, Gmail, and other Google “free” products — they will now be reading what you are writing!
      
      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
- Author
  
  Posts
Viewing 2 reply threads

Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

Reply To: Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation
You can use BBCodes to format your content.
Your account can't use Advanced BBCodes, they will be stripped before saving.

Cancel

Welcome to our unique respite from the madness.

It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.