Microsoft Office

Security Bulletin Webcast Video, Questions and Answers – June 2009

During the security bulletin webcast for June 2009, we answered a wide array of questions around the 10 bulletins we released. Of primary interest to customers, based on the number of questions we received on the topic, is the RPC issue addressed by MS09-026. As this issue affects third-party products that utilize RPC in …

MS09-024: Lower risk if you have Microsoft Word installed

Today we released bulletin MS09-024 that fixes vulnerabilities in text converters for the Microsoft Works document file format (WPS). Reduced impact if Microsoft Office is installed: The Works converters included with Microsoft Word are vulnerable. However, the Microsoft Word installer does not associate the WPS file extension with Word. So a user double-clicking a WPS …

MS09-017: An out-of-the-ordinary PowerPoint security update

Security update MS09-017 addresses the PowerPoint (PPT) zero-day vulnerability that has recently been used in targeted attacks. We issued security advisory 969136 with workarounds on April 2nd after we first saw the exploits in the wild abusing this vulnerability. We also published an SRD blog entry describing how to analyze exploits and an MMPC blog entry with more …

MS09-010: Reducing the text converter attack surface

MS09-010 addresses vulnerabilities in Word converters used by WordPad and by Office to load files saved in old file formats. Some of you probably saw this bulletin and thought “I never open documents from versions of Word prior to Word XP,” and you may be interested in reducing your attack surface. In this post we’ll …

Investigating the new PowerPoint issue

This afternoon, we posted Security Advisory 969136 describing a new vulnerability in PowerPoint while parsing the legacy binary file format. Unfortunately, we discovered this vulnerability being used to deploy malware in targeted attacks. We expect this blog post will help you protect your organization from being exploited, and help you analyze suspicious PowerPoint files. The …

Behavior of ActiveX controls embedded in Office documents

The Microsoft Office applications (Word, Excel, PowerPoint, etc.) have built-in ActiveX control support. ActiveX support allows a richer experience when interacting with an Office document. For example, a document author could use the Safe-For-Initialization Office Web Components (OWC) ActiveX control to retrieve data from an intranet data source. Office applications’ prompting behavior: By default, Office …

More information about the new Excel vulnerability

This morning, we posted Security Advisory 968272 notifying of a new Excel binary file format vulnerability being exploited in targeted attacks. We wanted to share more information about the vulnerability to help you assess risk and protect your environment. Office 2007 being targeted: The current attacks we have seen target users of Office 2007 running …

MS08-043: How to prevent this information disclosure vulnerability

In this month’s update for Excel we addressed an interesting CVE (CVE-2008-3003) – the first vulnerability to affect the new Open XML file format (but it doesn’t result in code execution). This is an information disclosure vulnerability that can arise when a user makes a data connection from Excel to a remote data source and …

MS08-042: Understanding and detecting a specific Word vulnerability

A few weeks ago we posted a blog entry titled “How to parse the .doc file format”. Today’s blog post will show you how to use that information to check whether a .doc file is specially crafted to exploit MS08-042, one of the vulnerabilities addressed by today’s security updates. This particular vulnerability is being exploited …

How to parse the .doc file format

This past February, Microsoft publicly released the Office binary file formats specification. These describe how to parse Word, Excel, and PowerPoint files to review or extract the content. Because they describe the structure of these file formats in detail, we think the file format specification will be particularly interesting to ISVs who write detection logic for malware scanners …