I read about a Windows feature that allows attackers to perform code execution in Microsoft Office, bypassing embedded executable object controls. How does this attack work? Why isn't Microsoft fixing it, and what can enterprises do to stay safe from hidden risks within embedded documents?
Backwards compatibility and legacy features are some of the most vulnerable areas of any software. Software designed with new development lifecycles and new developer tools has a better chance of being secure than software designed by new developers who still make security mistakes. Legacy code -- including many parts of Windows and the OLE embedding feature -- has plagued Microsoft since it started the push into trustworthy computing. Newly developed software has been more secure for Microsoft, but it still has insecure features it needs to support. Microsoft has not disclosed why it is not disabling this insecure feature, but it's possible that critical functionality, like basic copying and pasting, could be affected by the fix.
Kevin Beaumont announced an attack on the OLE embedding feature. The attack works because certain types of files and applications on Windows allow users to embed arbitrary files within the main file. For instance, a user could embed an Excel spreadsheet in a Word document and then use Excel to edit the spreadsheet. This provides significant functionality, but also significant complexity and risk. The embedded documents appear as icons in the Word document, and the end user needs to double-click an icon to open or execute the embedded document. This embedded file could be malware and, like other malware, completely compromise the security of the system. Once arbitrary code is executed on an endpoint, it is difficult to keep a system secure.
Enterprises can stay safe from embedded documents by using tools that will scan an entire file for malware and unpack or decode the multiple different ways that an executable can be included in a file. These tools could be antimalware software, Web security proxies, email security gateways or others that would need to be able to extract any executable content from a seemingly safe file type so the malware could be identified.
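A sketch of the unpacking step described above, added here as an illustration and not taken from the article or from any vendor's product. It assumes the OOXML formats (docx/xlsx/pptx), which are ZIP archives that keep embedded objects under an `embeddings/` folder; legacy binary `.doc` files are not handled, and the extension list and sample blobs are constructed for the example.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file signature
# Extensions to flag: an assumed policy list, not taken from the article.
RISKY_EXT = (b"exe", b"scr", b"js", b"vbs", b"bat", b"cmd", b"ps1", b"hta", b"lnk")
# OLE Packager objects keep the original file name as a NUL-terminated string.
NAME_RE = re.compile(rb"[\w .-]{1,64}\.(?:" + b"|".join(RISKY_EXT) + rb")\x00", re.I)
DOS_STUB = b"This program cannot be run in DOS mode"


def scan_office_file(data: bytes) -> dict:
    """Map each suspicious embedded object in an OOXML file to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Word, Excel and PowerPoint keep embedded objects in */embeddings/.
            if info.is_dir() or "/embeddings/" not in info.filename:
                continue
            blob = zf.read(info)
            reasons = []
            if blob.startswith(OLE_MAGIC):
                # Byte-level heuristic, not a full compound-file parse.
                for m in NAME_RE.finditer(blob):
                    reasons.append("packaged file: " + m.group(0)[:-1].decode("latin-1"))
            if b"MZ" in blob and DOS_STUB in blob:
                reasons.append("contains a Windows PE image")
            if reasons:
                findings[info.filename] = sorted(set(reasons))
    return findings


def build_sample(embedded: bytes) -> bytes:
    """Constructed test input: a minimal docx-shaped zip with one embedded object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", embedded)
    return buf.getvalue()


# Constructed stand-ins: OLE signature plus the strings a Packager object carries.
PACKAGED_EXE = OLE_MAGIC + b"\x00" * 64 + b"invoice.exe\x00C:\\Temp\\invoice.exe\x00MZ" + DOS_STUB
EMBEDDED_SHEET = OLE_MAGIC + b"\x00" * 64 + b"Workbook\x00"

if __name__ == "__main__":
    print(scan_office_file(build_sample(PACKAGED_EXE)))
    print(scan_office_file(build_sample(EMBEDDED_SHEET)))
```

A gateway would run a check like this before delivery and quarantine any file with findings; a production scanner would parse the compound file's streams properly instead of matching bytes.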