Advice Request MS Word -- how to maximize security?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
The default settings for MS Word (and other apps in the Office suite) is to disable macros with notification.
In addition, downloaded Word files will open by default in a protected mode, and user will be warned to be careful with unknown downloads.

In light of all this, what are the remaining security risks with MS Word? And how can they be mitigated?

I am asking about an actual Word doc, not a malicious executable that has a double file extension to make it look like a Word doc.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Hyperlinks are a risk along with controls, such as Flash controls that can be embedded in documents. I run MS Office apps in the 360 sandbox, but Comodo on restricted should work I think. Also, use EMET and have Office applications protected.

I could be wrong, but I think some of the developers controls can be embedded into Word and MS Office Documents without macros being enabled (including videos), so that you could have a link control that could be malicious. There must be 100s of different types of controls that can be placed in an Office document. It's nice that 360 sandbox opens links of any kind in the sandbox, even if the app used to open the item is not a sandboxed app. I guess that's normal for a sandbox, but it was a kind of a relief to me to see it in 360s sandbox.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Not sure if I would have this issue, as I phased out MS Office and start using Libreoffice as my main.

In any case, I still have HMPA for cover me against these exploits.
aside from the price, and the many other reasons to hate Microsoft, why did you switch? Any security issues involved?
 
  • Like
Reactions: Sr. Normal 2.0

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Not sure if I would have this issue, as I phased out MS Office and start using Libreoffice as my main.

In any case, I still have HMPA for cover me against these exploits.
How about trying WPS office? It's more polished and almost resembles MS Office in features and user interface.
 
  • Like
Reactions: Sr. Normal 2.0

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
How about trying WPS office? It's more polished and almost resembles MS Office in features and user interface.
thanks guys for the suggestions, but my goal is to understand the vulnerabilities of MS Word, not to replace it. I need its advanced features for my work.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Use the latest version of Microsoft Word or Office 365. Otherwise try Word Online on the Web, Android or iOS. Office 365 is required for large-screen tablets, but free from the browser on desktop.

Using Word should be no risk with local & trusted sources.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Use the latest version of Microsoft Word or Office 365. Otherwise try Word Online on the Web, Android or iOS. Office 365 is required for large-screen tablets, but free from the browser on desktop.

Using Word should be no risk with local & trusted sources.
if macros are disabled, do you think there is still a possibility for malicious code to run?
 
  • Like
Reactions: AtlBo
5

509322

The default settings for MS Word (and other apps in the Office suite) is to disable macros with notification.
In addition, downloaded Word files will open by default in a protected mode, and user will be warned to be careful with unknown downloads.

In light of all this, what are the remaining security risks with MS Word? And how can they be mitigated?

I am asking about an actual Word doc, not a malicious executable that has a double file extension to make it look like a Word doc.

Exploits that can result in such things as Remote Code Execution

You can get your questions answered by researching Microsoft Security Advisory for Microsoft Office, Word, Excel, etc

The risk is very small - and since you use ReHIPS, you would run each Microsoft Office program in its own dedicated isolated environment

ReHIPS is not going to prevent an exploit, but it should block the payload from running with a HIPS alert and contain it within the isolated environment if the user allows it to run

You could also use Microsoft EMET, HitmanPro.Alert, or other anti-exploit
 
Last edited by a moderator:

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Exploits that can result in such things as Remote Code Execution

You can get your questions answered by researching Microsoft Security Advisory for Microsoft Office, Word, Excel, etc

The risk is very small - and since you use ReHIPS, you would run each Microsoft Office program in its own dedicated isolated environment

ReHIPS is not going to prevent an exploit, but it should block the payload from running with a HIPS alert and contain it within the isolated environment if the user allows it to run

You could also use Microsoft EMET, HitmanPro.Alert, or other anti-exploit
thanks. I actually took MS Word out of ReHIPS isolation, so that it can interact with other programs (I have a translation software called Babylon that hooks into Word, and provides one-click translations for selected words).
But I am running HMP.A.
 
  • Like
Reactions: AtlBo
5

509322

thanks. I actually took MS Word out of ReHIPS isolation, so that it can interact with other programs (I have a translation software called Babylon that hooks into Word, and provides one-click translations for selected words).
But I am running HMP.A.

Did you try running Babylon and Word both within the same dedicated isolated environment ?
 
  • Like
Reactions: AtlBo

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
HMPA all the way, CMlew and Jeff hit on it and I use it for all Windows apps including Word, Word Pad, Note Pad, and Nitro 10 Pro
 
  • Like
Reactions: AtlBo and shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Exploits that can result in such things as Remote Code Execution...

The risk is very small ...

You could also use Microsoft EMET, HitmanPro.Alert, or other anti-exploit
Okay, so it sounds like the significant risks of MS Word (latest version, with updates) would be:
1 malicious links
2 macros, if the user enables them
 
  • Like
Reactions: AtlBo

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
First of all a typical good Antivirus or your favorite tool should protect for any possible exploit or untoward execution.

As long you put the macro settings to 'ask' for allow content, then chances of immediate infection is very minimal.

Actually it's all about how you handle the things, no need for numerous tools if unnecessary/redundant.
 
  • Like
Reactions: shmu26 and shukla44
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top