Microsoft’s Malware Protection Center is warning of a rise in attacks using boobytrapped Word documents, which carry malicious content embedded via OLE (Object Linking and Embedding):
…we’re seeing OLE-embedded objects and content surrounded by well-formatted text and images to encourage users to enable the object or content, and thus run the malicious code. So far, we’ve seen these files use malicious Visual Basic (VB) and JavaScript (JS) scripts embedded in a document.
Here are the simple rules I follow if I simply have to read a Word document that someone has sent to me:
- Don’t enable macros. Ever.
- Don’t fall for any encouragement to click or interact with any content within the document.
- Ideally, don’t use Word to view the document in the first place. Instead, use a third-party viewer that doesn’t support daft things like OLE and macros, which the vast majority of us never need.
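A way to check a document for embedded objects without opening it in Word at all, as an added example that is not from Microsoft's post or the original article. It relies on the Office Open XML layout, where a .docx is a ZIP archive that keeps embedded OLE objects under an `embeddings/` folder and macros in `vbaProject.bin`; the function names and sample files are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # header of legacy .doc compound files
OLE_REL = "/relationships/oleObject"            # tail of the OOXML OLE relationship type
MAX_RELS = 1_000_000                            # skip oversized .rels parts (zip-bomb guard)

def scan_word_file(data: bytes) -> dict:
    """Triage a Word file (raw bytes) for embedded OLE objects and macro parts."""
    report = {"format": "unknown", "embedded": [], "macros": [], "ole_rels": 0}
    if data.startswith(OLE_MAGIC):
        report["format"] = "legacy-ole"  # needs a compound-file parser; not inspected here
    elif zipfile.is_zipfile(io.BytesIO(data)):
        report["format"] = "ooxml"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename.lower()
                if "/embeddings/" in name and not info.is_dir():
                    report["embedded"].append(info.filename)
                elif name.endswith("vbaproject.bin"):
                    report["macros"].append(info.filename)
                elif name.endswith(".rels") and info.file_size <= MAX_RELS:
                    rels = zf.read(info).decode("utf-8", "replace")
                    report["ole_rels"] += rels.count(OLE_REL)
    # Legacy files are flagged conservatively because this scanner cannot look inside them.
    report["flagged"] = report["format"] == "legacy-ole" or bool(
        report["embedded"] or report["macros"] or report["ole_rels"])
    return report

def build_sample(with_ole: bool) -> bytes:
    """Constructed sample: a minimal .docx-shaped ZIP, optionally with an OLE part."""
    rel = ('<Relationship Id="rId5" Type="http://schemas.openxmlformats.org/officeDocument'
           '/2006/relationships/oleObject" Target="embeddings/oleObject1.bin"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels",
                    "<Relationships>" + (rel if with_ole else "") + "</Relationships>")
        if with_ole:
            zf.writestr("word/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 8)
    return buf.getvalue()

if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)), ("ole", build_sample(True))):
        print(label, scan_word_file(sample))
```

A flagged result only means the file carries an embedded object or macro part; it says nothing about whether that content is malicious, so it is a cue to keep the file out of Word, not a verdict.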
In its blog post, Microsoft explains how to change the Registry key to disable Microsoft Office’s support for OLE, ensuring that no embedded packages can be activated, no matter how desperately users try to click on them.
Wouldn’t it have been great if Microsoft had just kept Word as a simple word processor, rather than foisting all this risky functionality onto us in the first place?
Update: As malware expert Vesselin Bontchev points out, Microsoft probably meant Visual Basic Script (VBS) rather than Visual Basic.
Vesselin also recommends businesses running Office harden their defences by following the advice in these articles:
- New feature in Office 2016 can block macros and help prevent infection
- It’s time to secure Microsoft Office