Microsoft Office Document vulnerability
Microsoft has published a CVE involving malicious Microsoft Office Documents here.
Avoid
If you receive any new correspondence with Microsoft Office Documents (Word, Excel, PowerPoint) attached or link to download one, please proceed with extra caution.
I generally follow the “trust but verify” mindset with any link or attachment I receive.
Call (not email) the sender and verbally verify they sent you an attachment. In some cases the sender’s email could be compromised, so sending a response of “Is this something you meant to send” can easily be intercepted and deleted by the hacker.
For vendors that send information via email frequently I don’t click the links from emails. I just google it and find the information on the site. You’re generally safer downloading directly from their website. Though sometimes websites have been hacked and malicious content uploaded.
Avoid attachments altogether. This is a harder stance to take, but I’m very unlikely to download an attachment you send me. I’ve seen too much for it to be worth the risk:-)
Moving Forward
This is a good time to re-evaluate your existing vendor or customer workflows. Ask yourself are your relationships vulnerable to being exploited by hackers?
Are you frequently sending brochures or marketing materials via attachments?
Do you collaborate on documents via email?
Do you update your website with newsletters, menus, etc every week?
Take a look at these processes and think about making them less susceptible to a hacker impersonating you and duping one of your stakeholders.
Use a central folder on a cloud based file service. I still tell customers not to click on links from dropbox, microsoft, etc, but once you’ve setup a central place to share information your users just need to login to the service you use to see the data. No need to click on any email notifications your receive.
Use Microsoft Teams with external/guest users. You can easily switch between organizations in the Teams client and collaborate on the file directly in the Teams UI.
Webify your marketing materials, newsletters, menus, etc. There are great tools out there to help make HIGH quality websites without having to code. Squarespace, Wix, Wordpress etc. Plus your customers will have a more positive experience with your content. Especially on mobile devices.
Mitigation Steps / The Geeky Stuff
This particular vulnerability goes after ActiveX controls in Internet Explorer. Yes the innards of this ancient beast are still lurking in your PC. You can mitigate them by disabling ActiveX controls across all zones (Internet, Intranet, Local Machine, or Trusted).
You can add this with a .bat script
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v "1001" /t REG_DWORD /d 00000003 /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v "1004" /t REG_DWORD /d 00000003 /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1001" /t REG_DWORD /d 00000003 /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "1004" /t REG_DWORD /d 00000003 /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1001" /t REG_DWORD /d 00000003 /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "1004" /t REG_DWORD /d 00000003 /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1001" /t REG_DWORD /d 00000003 /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1004" /t REG_DWORD /d 00000003 /fTechnology Porter
As always we’re available to provide IT Support in Everett, WA and Snohomish County. Contact us if you need any assistance.