Pages

Wednesday, 8 July 2015

Office Component Allows Attacker's Code Without Executing Macros


A researcher warns Office users a feature allowing attackers to execute malicious code through documents, even if macros are turned off and the part is not off. Every Windows version of Microsoft Office contains a feature that makes it possible to embed content in documents.

These include the executable content, such as .exe and JavaScript files, so let investigator Kevin Beaumont on the Full Disclosure mailing list know. OLE Packager, as the feature is called, since the early 1990s in the Microsoft software is present. The feauture, which allows the embedding of content, was introduced in Windows 3.1 and was supported until Windows XP. All versions of Office support the feature yet. To prevent any abuse of the feature made ​​Microsoft uses a list of risky file types.

Once a risky file type to a document is added to the list view shows a warning to the user. This warning can be ignored, but users can at least see that the document contains risky content. According to Beaumont the static list is not, however, up-to-date. For example, PowerShell and other executable files not recognized and therefore users get no warning. Thus, it is possible to carry out through the opening of Office files code on the computer. It does not stand out or macros off, or that of High Security templates are used.

Solution

Microsoft was informed in March of this year about the problem and was told that attackers were experimenting with the feature. To not know what is exactly the attackers and attacks Beaumont late. However, Microsoft then would have asked him not to publish information about the issue. Eventually told the researcher that it is and the problem is still not resolved to a feature of Office. For Windows users, Microsoft EMET installed, a free tool for Windows with secure, to assume control for Excel, Word and PowerPoint that prevents the feature can be implemented. However, this also prevents legitimate use of the feature

No comments:

Post a Comment