2 min read

Mac users warned that disabling all Office macros doesn't actually disable all Office macros

Graham CLULEY

November 07, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Mac users warned that disabling all Office macros doesn't actually disable all Office macros

It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in the years since would do a half-decent job of stemming the threat.

Unfortunately, it seems that’s not the case – at least not for users of the Mac version of Microsoft Office.

As The Register reports, the CERT Coordination Center at Carnegie Melon University has warned that one of the countermeasures built into Office for Mac against malicious macros is defective.

Astonishingly, consumers and companies who believe they have protected their computers by configuring MS Office to “Disable all macros without notification” are actually opening themselves up to the possibility of being silently infected.

The problem, first uncovered by Netherlands-based security outfit Outflank and reported to Microsoft a year ago, is related to Microsoft Excel’s support for a legacy type of macros known as XLM or Excel 4.0 macros. Microsoft has previously encouraged users of XLM macros to migrate them to the latest version of Microsoft Visual Basic for Applications (VBA), but still supports the XLM format.

And that’s a problem – because Office 2011 for Mac does not properly warn users of the presence of XLM macros within SYLK files.

That would be bad enough, but when the “Disable all macros without notification” feature is enabled, the XLM macros are actually automatically executed without any warning or prompts being shown to the user.

Without enabling any macros, Outflank were able to trick Excel into running macro code:

“I did not yet enable macros but already some part of the macro got interpreted? Further looking into it, I noticed that the Sylk was opened with Excel 2011, instead of Excel 2016 which I also had installed.”

(Fully patched versions of Office 2016 and Office 2019 for Mac reportedly do correctly report the presence of XLM macros inside SYLK files.)

At the time of writing there is no officially released patch from Microsoft for vulnerable versions of Office for Mac, but you may choose to switch from “Disable all macros without notification” to the normally less secure “Disable all macros with notification”.

CERT additionally recommends considering blocking Sylk (.SLK) file attachments at your email gateway, although as Outflank claims that the threat still works if a boobytrapped .SLK file is renamed to be a usually-considered harmless .CSV (comma-separated values) file that may not be enough.

Of course, none of this explains why Microsoft’s own quality control team didn’t spot this issue in the first place…

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read