Advice Request MS Word -- how to maximize security?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
The default settings for MS Word (and other apps in the Office suite) is to disable macros with notification.
In addition, downloaded Word files will open by default in a protected mode, and user will be warned to be careful with unknown downloads.

In light of all this, what are the remaining security risks with MS Word? And how can they be mitigated?

I am asking about an actual Word doc, not a malicious executable that has a double file extension to make it look like a Word doc.
 
  • Like
Reactions: XhenEd, Sr. Normal 2.0, Cats-4_Owners-2 and 1 other person
AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Hyperlinks are a risk along with controls, such as Flash controls that can be embedded in documents. I run MS Office apps in the 360 sandbox, but Comodo on restricted should work I think. Also, use EMET and have Office applications protected.

I could be wrong, but I think some of the developers controls can be embedded into Word and MS Office Documents without macros being enabled (including videos), so that you could have a link control that could be malicious. There must be 100s of different types of controls that can be placed in an Office document. It's nice that 360 sandbox opens links of any kind in the sandbox, even if the app used to open the item is not a sandboxed app. I guess that's normal for a sandbox, but it was a kind of a relief to me to see it in 360s sandbox.
 
  • Like
Reactions: XhenEd, Sr. Normal 2.0, Parsh and 1 other person
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
CMLew said:
Not sure if I would have this issue, as I phased out MS Office and start using Libreoffice as my main.

In any case, I still have HMPA for cover me against these exploits.
Click to expand...
aside from the price, and the many other reasons to hate Microsoft, why did you switch? Any security issues involved?
 
  • Like
Reactions: Sr. Normal 2.0
Parsh

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
CMLew said:
Not sure if I would have this issue, as I phased out MS Office and start using Libreoffice as my main.

In any case, I still have HMPA for cover me against these exploits.
Click to expand...
How about trying WPS office? It's more polished and almost resembles MS Office in features and user interface.
 
  • Like
Reactions: Sr. Normal 2.0
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Parsh said:
How about trying WPS office? It's more polished and almost resembles MS Office in features and user interface.
Click to expand...
thanks guys for the suggestions, but my goal is to understand the vulnerabilities of MS Word, not to replace it. I need its advanced features for my work.
 
  • Like
Reactions: AtlBo and Sr. Normal 2.0
I

Ink

Administrator
Verified
Jan 8, 2011
22,490
Use the latest version of Microsoft Word or Office 365. Otherwise try Word Online on the Web, Android or iOS. Office 365 is required for large-screen tablets, but free from the browser on desktop.

Using Word should be no risk with local & trusted sources.
 
  • Like
Reactions: jamescv7, AtlBo, XhenEd and 2 others
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Spawn said:
Use the latest version of Microsoft Word or Office 365. Otherwise try Word Online on the Web, Android or iOS. Office 365 is required for large-screen tablets, but free from the browser on desktop.

Using Word should be no risk with local & trusted sources.
Click to expand...
if macros are disabled, do you think there is still a possibility for malicious code to run?
 
  • Like
Reactions: AtlBo
5

509322

shmu26 said:
The default settings for MS Word (and other apps in the Office suite) is to disable macros with notification.
In addition, downloaded Word files will open by default in a protected mode, and user will be warned to be careful with unknown downloads.

In light of all this, what are the remaining security risks with MS Word? And how can they be mitigated?

I am asking about an actual Word doc, not a malicious executable that has a double file extension to make it look like a Word doc.
Click to expand...

Exploits that can result in such things as Remote Code Execution

You can get your questions answered by researching Microsoft Security Advisory for Microsoft Office, Word, Excel, etc

The risk is very small - and since you use ReHIPS, you would run each Microsoft Office program in its own dedicated isolated environment

ReHIPS is not going to prevent an exploit, but it should block the payload from running with a HIPS alert and contain it within the isolated environment if the user allows it to run

You could also use Microsoft EMET, HitmanPro.Alert, or other anti-exploit
 
Last edited by a moderator:
  • Like
Reactions: AtlBo, shmu26 and XhenEd
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Jeff_T - Testing Group said:
Exploits that can result in such things as Remote Code Execution

You can get your questions answered by researching Microsoft Security Advisory for Microsoft Office, Word, Excel, etc

The risk is very small - and since you use ReHIPS, you would run each Microsoft Office program in its own dedicated isolated environment

ReHIPS is not going to prevent an exploit, but it should block the payload from running with a HIPS alert and contain it within the isolated environment if the user allows it to run

You could also use Microsoft EMET, HitmanPro.Alert, or other anti-exploit
Click to expand...
thanks. I actually took MS Word out of ReHIPS isolation, so that it can interact with other programs (I have a translation software called Babylon that hooks into Word, and provides one-click translations for selected words).
But I am running HMP.A.
 
  • Like
Reactions: AtlBo
5

509322

shmu26 said:
thanks. I actually took MS Word out of ReHIPS isolation, so that it can interact with other programs (I have a translation software called Babylon that hooks into Word, and provides one-click translations for selected words).
But I am running HMP.A.
Click to expand...

Did you try running Babylon and Word both within the same dedicated isolated environment ?
 
  • Like
Reactions: AtlBo
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
HMPA all the way, CMlew and Jeff hit on it and I use it for all Windows apps including Word, Word Pad, Note Pad, and Nitro 10 Pro
 
  • Like
Reactions: AtlBo and shmu26
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Jeff_T - Testing Group said:
Exploits that can result in such things as Remote Code Execution...

The risk is very small ...

You could also use Microsoft EMET, HitmanPro.Alert, or other anti-exploit
Click to expand...
Okay, so it sounds like the significant risks of MS Word (latest version, with updates) would be:
1 malicious links
2 macros, if the user enables them
 
  • Like
Reactions: AtlBo
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
First of all a typical good Antivirus or your favorite tool should protect for any possible exploit or untoward execution.

As long you put the macro settings to 'ask' for allow content, then chances of immediate infection is very minimal.

Actually it's all about how you handle the things, no need for numerous tools if unnecessary/redundant.
 
  • Like
Reactions: shmu26 and shukla44
Status
Not open for further replies.

Similar threads

X195
    • Like
Advice Request Help needed with DNS configuration
Replies
15
Views
977
AdGuard
Chuck57
Chuck57
silversurfer
    • Like
    • +Reputation
Microsoft is currently working to introduce dark mode to Word for Web
Replies
1
Views
701
Office, email and business apps
CyberTech
CyberTech
I
    • Like
    • Wow
New Update Microsoft 365 adds AI to Office: What is ai.exe and AIMgr.exe in Task Manager?
Replies
2
Views
2,270
Office, email and business apps
Jonny Quest
Jonny Quest

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top