LAS VEGAS. There was a time when Microsoft Office documents were easily exploitable by attackers, and those days may be on the way back.
According to a pair of researcher presenting at the Black Hat conference today, Microsoft Office is still at risk, despite multiple security measure taken by Microsoft and others. Taiwanese researchers Sung-ting Tsai (who also goes by the name TT) and Ming-chieh Pan demoed multiple techniques to a live Black Hat audience as proof of concept that they could exploit documents and use them as delivery platforms for malware.
TT noted that document attachment are often used in Advanced Persistent Threat (APT) attacks since the exploit can be customized.
“If you have installed all Microsoft Office patches and there are no 0 day vulnerabilities, will it be safe to open a Word or Excel doucment?” TT asked the audience. ” The answer is no.”