Your Microsoft Office documents might be hiding some serious security worries

Microsoft Office documents are still the go-to platform for malware distribution

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

DespiteMicrosoft’s best efforts, Office documents are still one of the most common ways to exploit software flaws and deploymalwareon vulnerable endpoints, experts have claimed.

Areportfrom Cofense says Microsoft Office’s omnipresence in the workforce has made it become one of the most popular attack vectors. Threat actors are using Office documents in different ways, some of which are super simple, while others are extremely advanced.

Simple ways include sharing a link, or a simple QR code, in the document. These links would point to malware hosted anywhere on the internet.

Flaws and macros

More complex exploits leverage known vulnerabilities, such as CVE-2017-11882, and CVE-2017-0199, both of which were discovered, and patched, in 2017.

The first one is described as a memory corruption vulnerability in Office, and utilizes the Office integrated equation editor, which allows LaTeX graphical mathematical equations to be displayed in a document.

The second  dubbed the Office/WordPad remote code execution vulnerability (RCE) , allows embedded malformed Microsoft HTML Applications, or HTA, files inside RTF or rich text files to execute remote code to retrieve payloads from remote resources.

Curiously enough, Cofense also mentions macros, an algorithmic logic feature that Microsoft essentially killed in Office months ago. A macro in an office document is a sequence of instructions that automates repetitive tasks. These instructions are recorded or written in the Visual Basic for Applications (VBA) programming language in Microsoft Office products, and can be executed to perform tasks quickly and efficiently.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Since macros were essentially the go-to feature for malware distribution, Microsoft recently made it disabled by default, and forced users to jump through multiple warning loops before being able to run it.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

How to watch Wolf Hall: The Mirror and the Light FREE online from anywhere