[ALERT] Is Your Microsoft Word Vulnerable to Hackers?

Category: Software

If you use Microsoft Word, you need to know it has security vulnerabilities previously undisclosed. There are patches available now and it is critical that you apply them. Here is what’s wrong and how to make it right. Read on...

Microsoft Word Patch Alert

The vulnerability in all versions of Word is called CVE-2017-11882. It is a flaw in the way that Word handles objects in memory. It can be exploited to allow an attacker to run any code he wants on the user’s system. If the user has administrator privileges, the attacker can mess with any other users on the victim’s network. He can steal files, install malware, and so on.

Astoundingly, Word vulnerability CVE-2017-11882 has existed for seventeen years! It was just discovered and reported in early November, 2017. Security researchers fear that hackers have been busily exploiting the vulnerability while a patch was in the works. They also fear that many users won’t install the patch, and have automatic Windows Update patches disabled. Don’t be one of those people!

So far, only one phishing scam has been identified that seeks to exploit this vulnerability. It is an email that urges a target user to open the Word document attached to it. The document is protected from antimalware detection by a password, which is included in the email for the user to unlock the file.

Microsoft Word Vulnerability

When unlocked, the document is almost blank. It shows just the command, “Enable editing.” While the victim is distracted with that meaningless busywork, a hidden PowerShell script is already downloading a program called “Cobalt Strike” and using it to execute malicious commands, unseen by the user.

Cobalt Strike is a widely used, open-source toolkit for security researchers. It is used to simulate cyberattacks; in this case, it’s being used to launch a real attack. Merely opening the document triggers the PowerShell script; enabling editing is just a distraction that buys time for the script to do its dirty work.

Microsoft became aware of the CVE-2017-11882 vulnerability during the second week of November. But it waited to release a patch, and bundled it with a major Windows 10 update that started rolling out to users weeks later.

All Versions of Office are Vulnerable

The computer in my office is not affected by this vulnerability, because no version of Microsoft Office has ever been installed on it. Instead, I use LibreOffice, a free "clone" of the Microsoft suite. It works great, and can open and save documents in Office formats (DOCX, XLSX, etc.). See my article FREE Alternatives to Microsoft Office for links to LibreOffice, and other options to replace Microsoft Office.

Security researchers at Embedi have confirmed that all Microsoft Office versions (including Microsoft Office 365) running on any version of Windows (32-bit or 64-bit) are vulnerable. If you use Word, you need this patch no matter what version of Windows you are running. On one of my Windows 7 machines, I found the patch was available on November 28. Running Windows Update installed it. Had I waited until 3:00 a.m. the next morning, it should have been installed automatically.

“Should” isn’t good enough; I urge you to run Windows Update, check for updates and install any patches available for Microsoft Office. If nothing shows up, and you are certain that you have Office installed, see this page for links to manual patch downloads.

A “workaround” offered by Microsoft involves disabling the Equation Editor utility found in Office and Wordpad. This requires registry-editing skills. If you want to give it a go, instructions can be found here.

Note that this workaround seems to imply that Wordpad can be exploited, too. Wordpad is included with every copy of Windows 7 and above. So you may not be safe just because you don’t have MS Office installed. On one of my systems that has never had Office installed, no patches were available in Windows Update (as expected) and the registry keys mentioned in the workaround did not exist. So it was safe to assume that there was no vulnerability.
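If you would rather check than edit, the script below is an added example (not from this article, and not Microsoft's own tool) that reads the registry and file system without changing anything. It reports whether the Equation Editor "Compatibility Flags" entry that Microsoft's workaround sets is present in both the native and WOW6432Node registry views, and whether the Equation Editor binary (EQNEDT32.EXE) exists on the machine at all. The function name, the CLSID, the 0x400 flag value and the default file locations are assumptions taken from Microsoft's published workaround as recalled here; confirm them against the Microsoft advisory before relying on the result.

```powershell
# Added example, not from the article: read-only audit of Microsoft's published
# CVE-2017-11882 workaround (disabling the Equation Editor COM object) and of
# whether the Equation Editor binary is installed at all.
# ASSUMED values: the CLSID, the 0x400 flag and the file paths come from the
# Microsoft advisory as recalled by this example's author; verify before use.

function Test-EquationEditorWorkaround {
    [CmdletBinding()]
    param(
        # Assumed: CLSID of Equation Editor 3.0 named in Microsoft's workaround.
        [string]$EquationEditorClsid = '{0002CE02-0000-0000-C000-000000000046}',
        # Assumed: "Compatibility Flags" value the workaround sets (disable, no UI).
        [int]$DisableFlag = 0x400
    )

    # Both registry views matter: the native view and, on 64-bit Windows,
    # the WOW6432Node view consulted by 32-bit Office builds.
    $compatKeys = @(
        "HKLM:\SOFTWARE\Microsoft\Office\Common\COM Compatibility\$EquationEditorClsid",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office\Common\COM Compatibility\$EquationEditorClsid"
    )

    foreach ($key in $compatKeys) {
        $keyExists = Test-Path -LiteralPath $key
        $flags = $null
        if ($keyExists) {
            $flags = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'Compatibility Flags'
        }
        # The workaround counts as applied only if the disable bit is actually set.
        if ($null -ne $flags -and ($flags -band $DisableFlag)) { $status = 'Applied' }
        elseif ($keyExists)                                   { $status = 'Key present, flag not set' }
        else                                                  { $status = 'Not applied' }
        $detail = if ($null -ne $flags) { 'Compatibility Flags = 0x{0:X}' -f $flags } else { '' }

        [pscustomobject]@{ Check = 'Registry workaround'; Target = $key; Status = $status; Detail = $detail }
    }

    # Assumed default install locations of EQNEDT32.EXE. On 32-bit Windows the
    # (x86) variable is undefined, so that entry expands to "\..." and is dropped.
    $binaryPaths = @(
        "$env:CommonProgramFiles\Microsoft Shared\EQUATION\EQNEDT32.EXE",
        "${env:CommonProgramFiles(x86)}\Microsoft Shared\EQUATION\EQNEDT32.EXE"
    ) | Where-Object { -not $_.StartsWith('\') }

    foreach ($path in $binaryPaths) {
        $present = Test-Path -LiteralPath $path
        $version = if ($present) { (Get-Item -LiteralPath $path).VersionInfo.FileVersion } else { '' }
        [pscustomobject]@{
            Check  = 'Equation Editor binary'
            Target = $path
            Status = if ($present) { 'Present' } else { 'Absent' }
            Detail = $version
        }
    }
}

# Usage: run from any PowerShell prompt; reading HKLM does not require elevation.
Test-EquationEditorWorkaround | Format-Table -AutoSize -Wrap
```

A machine with no Office or Equation Editor installed will show the registry keys as "Not applied" and the binary as "Absent", which is the situation described above for a system that never had Office; the missing keys alone do not mean the workaround was applied, so read both rows together.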

Microsoft acknowledged the vulnerability and announced its intent to provide a patch concurrently with the launch of its much-ballyhooed “Fall Creators Update” to Windows 10. Meanwhile, Microsoft has this feeble advice for users:

"Meanwhile, we encourage customers to practice safe computing habits online," a Microsoft spokesperson said in a statement, "including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue."

It is unacceptable to delay disclosure of a vulnerability or the release of its patch. It’s incredible that this particular vulnerability eluded detection for seventeen years. Users of any Microsoft products should be highly skeptical of any unusual behaviors by those products, and of course, you should always be on the lookout for suspicious email attachments.

Your thoughts on this topic are welcome. Post your comment or question below...


This article was posted by on 29 Nov 2017


Most recent comments on "[ALERT] Is Your Microsoft Word Vulnerable to Hackers?"

Posted by:

29 Nov 2017

Another reason why I use Linux. It may not be perfect but Windows is so full of holes you could use it for a sieve.

Posted by:

29 Nov 2017

I have been using Libre Office that Bob mentions since I read previous articles Bob wrote listing concerns with the security of Microsoft Office products.

I resisted making the change for a long time as I like to use products I am familiar with.

I took the plunge and downloaded the free Libre Office Suite and have not found any issues opening Word or Excel documents, nor had any problems with new documents. For me it was a seamless transition, it really does work in almost the same way.

After a couple of months of using Libre, and happy that it worked for me, I removed all Microsoft Office instances on the computer.

Hopefully this means my computer is safe.

Posted by:

29 Nov 2017


Would you recommend Microsoft Notepad be uninstalled?

Is there a non-MS alternative?

I am not skilled enough to mess with the registry, even with what I am sure are excellent instructions from you to follow.

Posted by:

29 Nov 2017

I use Open Office - and I have been happy with it. I figured this was a simple step to make my computer a wee bit less vulnerable - one less Microsoft program to protect from the bad guys.

Posted by:

Jerry Barnes
29 Nov 2017

Darn! I missed out on yet another Microsoft screw-up. And it's your fault, Bob, since you recommended Libre Office several years ago and I switched to it. Thanks! :-)

Posted by:

Frank Cizek
29 Nov 2017

Not a problem for me because MicroSh!t KILLED THEIR OWN OFFICE 2000 WHEN THEY WENT TO Windoze 7. Not to mention my Sidewinder Pro joystick. So about a total of $700 worth of products that I bought from them.
Guess whose products I'm never, ever going to pay good money for again?
Open Office is working just fine for me.

Posted by:

29 Nov 2017

No, the sky is NOT falling and this vulnerability is not cause for throwing the baby out with the bath water!
Windows10 adaptation of automatic updates was specifically made to address/respond quickly to provide patches for such vulnerabilities.
This news-worthy blog of Mr. Rankin's may [does?] have a negative tone indicating some dissatisfaction [disappointment?] with Microsoft in handling it. Yet, I am not certain if it is his invitation to dump Microsoft OS/Office.
I think we have bashed Microsoft for far too many decades, yet it survives and the detractors (whether Linux/Apple/Android/etc.) can take solace in ‘having their cake and eating it too’! Chacun à son goût!

Posted by:

29 Nov 2017

I stopped using Microsoft Word so long ago I don't remember when it was. I switched to Libre Office for many years, and recently changed to SoftMaker FreeOffice 2016.

Posted by:

29 Nov 2017

What Randio sez. Exploits are a fact of life for every operating system. The problem is turning off automatic updates.

Posted by:

bob rice
29 Nov 2017

I must be naive because I don't understand why anyone concerned with security would disable auto upgrades. What am I missing here?

Posted by:

30 Nov 2017

@bob rice >> Don't feel like you missed the boat on auto-updates but when Windows first introduced it, some of the advanced users were not comfortable with all of the "call home" features which required to be in place for it to work properly. Added concerns centered around not wanting to shut system down when auto-update did a [errrrr...] auto reboot, which may cause boot up issues. Also remember that some of these ‘security patches’ are rolled out as a part of a larger upgrade event (Win10 OS, v1709), thus being able to differentiate the relevancy of embedded patches tends to be a complicated matter.
I think this particular RAM exploit requires elevated privileges (Admin rights): I am certain that any such gullible user (who is willing to follow such specific instructions from strangers) may get confused about elevators going right (...or left).

Posted by:

Jay R
30 Nov 2017

I have been using Open Office for years. I am very happy with it. If I weren't so old, I would think about getting Linux, altho I am not sure what I would do with that blanket. Not having a beagle, I might just be safe.

Posted by:

30 Nov 2017

Jay R

Change Open Office to Libre Office and I totally resemble your post :-)

Posted by:

Sarah L
30 Nov 2017

I have Microsoft Word but not as part of Microsoft Office. Is the vulnerability the same? I keep using a version of Word that came with Windows, but I do not have Office with Windows 10, or so I think.

Posted by:

01 Dec 2017

Lucy - Try EditPro. A great text editor.

Jay R - Switch to Libre Office. Updated regularly and no more MS Office needed!

Posted by:

Ralph C
03 Dec 2017

Auto update is fine for most of the world who have unlimited internet. Some of us have pay by the MB connections, and blindly downloading MS updates for software we don’t have gets expensive. For example, I don’t use Outlook, but there always seems to be an update for that, and there is no way to tell it not to download. So I have auto update off. I guess I am living on the edge of disaster, but I can only afford to download huge MS updates when I visit friends who have unlimited.

Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- [ALERT] Is Your Microsoft Word Vulnerable to Hackers? (Posted: 29 Nov 2017)
Source: https://askbobrankin.com/alert_is_your_microsoft_word_vulnerable_to_hackers.html