Advice Request MS Word -- how to maximize security?

Please provide comments and solutions that are helpful to the author of this topic.
Status
Not open for further replies.

shmu26

Thread author
The default setting for MS Word (and other apps in the Office suite) is to disable macros with notification.
In addition, downloaded Word files will open by default in a protected mode, and the user will be warned to be careful with unknown downloads.

In light of all this, what are the remaining security risks with MS Word? And how can they be mitigated?

I am asking about an actual Word doc, not a malicious executable that has a double file extension to make it look like a Word doc.
 
Hyperlinks are a risk along with controls, such as Flash controls that can be embedded in documents. I run MS Office apps in the 360 sandbox, but Comodo on restricted should work I think. Also, use EMET and have Office applications protected.

I could be wrong, but I think some of the developer controls can be embedded into Word and MS Office documents without macros being enabled (including videos), so that you could have a link control that could be malicious. There must be 100s of different types of controls that can be placed in an Office document. It's nice that 360 sandbox opens links of any kind in the sandbox, even if the app used to open the item is not a sandboxed app. I guess that's normal for a sandbox, but it was kind of a relief to me to see it in 360's sandbox.
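
As an added example (not part of any post in this thread), the hyperlinks and embedded controls discussed above can be listed before a file is ever opened in Word, because a .docx or .docm is a ZIP package whose parts and relationship files can be read directly. The function names and the `example.test` URL are assumptions made for this sketch, and the sample document is constructed inline.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
MAX_RELS_BYTES = 1 << 20  # refuse to inflate oversized parts from an untrusted archive
# Lower-cased part-name prefixes and the kind of active content stored under them.
RISKY_PARTS = {
    "word/vbaproject.bin": "VBA macro project",
    "word/activex/": "ActiveX control",
    "word/embeddings/": "embedded OLE object",
}

def triage_docx(data: bytes) -> list[tuple[str, str]]:
    """Return (finding, detail) pairs for active or external content in a .docx/.docm."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            name = info.filename
            for prefix, label in RISKY_PARTS.items():
                if name.lower().startswith(prefix):
                    findings.append((label, name))
            if not name.endswith(".rels") or info.file_size > MAX_RELS_BYTES:
                continue
            xml = pkg.read(name)
            if b"<!DOCTYPE" in xml:  # relationship parts need no DTD; flag, do not parse
                findings.append(("unexpected DTD", name))
                continue
            for rel in ET.fromstring(xml).iter():
                # TargetMode="External" means the target lives outside the package
                if rel.get("TargetMode") == "External":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    findings.append((f"external {kind}", rel.get("Target", "")))
    return findings

def build_sample() -> bytes:
    """Constructed sample: macro-free package with one hyperlink and one ActiveX part."""
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{REL_NS}/hyperlink" '
        'Target="https://example.test/invoice" TargetMode="External"/>'
        f'<Relationship Id="rId2" Type="{REL_NS}/styles" Target="styles.xml"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/activeX/activeX1.bin", b"\x00")
    return buf.getvalue()
```

Calling `triage_docx(build_sample())` reports the external hyperlink and the ActiveX part even though the package contains no macro project; on a real file, pass the bytes read from disk.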
 
> Not sure if I would have this issue, as I phased out MS Office and started using LibreOffice as my main.
>
> In any case, I still have HMPA to cover me against these exploits.

Aside from the price, and the many other reasons to hate Microsoft, why did you switch? Any security issues involved?
 
> Not sure if I would have this issue, as I phased out MS Office and started using LibreOffice as my main.
>
> In any case, I still have HMPA to cover me against these exploits.

How about trying WPS Office? It's more polished and almost resembles MS Office in features and user interface.
 
> How about trying WPS Office? It's more polished and almost resembles MS Office in features and user interface.

Thanks guys for the suggestions, but my goal is to understand the vulnerabilities of MS Word, not to replace it. I need its advanced features for my work.
 
Use the latest version of Microsoft Word or Office 365. Otherwise try Word Online on the Web, Android or iOS. Office 365 is required for large-screen tablets, but free from the browser on desktop.

Using Word should be no risk with local & trusted sources.
 
> Use the latest version of Microsoft Word or Office 365. Otherwise try Word Online on the Web, Android or iOS. Office 365 is required for large-screen tablets, but free from the browser on desktop.
>
> Using Word should be no risk with local & trusted sources.

If macros are disabled, do you think there is still a possibility for malicious code to run?
 
> The default setting for MS Word (and other apps in the Office suite) is to disable macros with notification.
> In addition, downloaded Word files will open by default in a protected mode, and the user will be warned to be careful with unknown downloads.
>
> In light of all this, what are the remaining security risks with MS Word? And how can they be mitigated?
>
> I am asking about an actual Word doc, not a malicious executable that has a double file extension to make it look like a Word doc.

Exploits that can result in such things as Remote Code Execution

You can get your questions answered by researching Microsoft Security Advisory for Microsoft Office, Word, Excel, etc

The risk is very small - and since you use ReHIPS, you would run each Microsoft Office program in its own dedicated isolated environment

ReHIPS is not going to prevent an exploit, but it should block the payload from running with a HIPS alert and contain it within the isolated environment if the user allows it to run

You could also use Microsoft EMET, HitmanPro.Alert, or other anti-exploit
 
> Exploits that can result in such things as Remote Code Execution
>
> You can get your questions answered by researching Microsoft Security Advisory for Microsoft Office, Word, Excel, etc
>
> The risk is very small - and since you use ReHIPS, you would run each Microsoft Office program in its own dedicated isolated environment
>
> ReHIPS is not going to prevent an exploit, but it should block the payload from running with a HIPS alert and contain it within the isolated environment if the user allows it to run
>
> You could also use Microsoft EMET, HitmanPro.Alert, or other anti-exploit

Thanks. I actually took MS Word out of ReHIPS isolation, so that it can interact with other programs (I have a translation software called Babylon that hooks into Word, and provides one-click translations for selected words).
But I am running HMP.A.
 
> Thanks. I actually took MS Word out of ReHIPS isolation, so that it can interact with other programs (I have a translation software called Babylon that hooks into Word, and provides one-click translations for selected words).
> But I am running HMP.A.

Did you try running Babylon and Word both within the same dedicated isolated environment?
 
HMPA all the way. CMlew and Jeff hit on it, and I use it for all Windows apps including Word, WordPad, Notepad, and Nitro 10 Pro.
 
> Exploits that can result in such things as Remote Code Execution...
>
> The risk is very small ...
>
> You could also use Microsoft EMET, HitmanPro.Alert, or other anti-exploit

Okay, so it sounds like the significant risks of MS Word (latest version, with updates) would be:
1. malicious links
2. macros, if the user enables them
 
First of all, a typical good antivirus or your favorite tool should protect against any possible exploit or untoward execution.

As long as you put the macro settings to 'ask' for allow content, then the chances of immediate infection are very minimal.

Actually it's all about how you handle things; no need for numerous tools if unnecessary/redundant.
 