Microsoft's New Approach to Office Threat Management
There has been much speculation about the exploitation of MS Office in the past few years. The number of these attacks reached a noticeable high in the fall of 2017, according to the latest advisory from Microsoft’s Office 365 Threat Research team. The team said that they had detected an upsurge in attempts by hackers to infiltrate systems that are running Office. This new wave of activity can be traced to some recently discovered exploits, which are currently serving as a breeding ground for more convoluted attacks in the future.
However, Microsoft’s team has tracked down four vulnerabilities. All of them have been resolved, but they may still linger in enterprises that are inactive and lag behind in their security procedures. While crimeware attackers usually stick to payloads like malware and information theft to gain financial profit or access sensitive information, more experienced hackers are clearly a step ahead, as they use sophisticated, multi-phase implants.
To deal with such advanced risks, Microsoft has introduced a portfolio of robust, cloud-based security services, Windows Defender Advanced Threat Protection, for Exchange and Office 365 users. The solution draws on machine learning and behavioral analytics to automatically thwart attacks depending on the kind of exploit, and to keep e-mails with unauthorized content and attachments from reaching users’ inboxes. In addition, the Windows Defender Exploit Guard feature in the new Windows 10 Fall Creators Update prevents dubious changes to files by unknown exploits, while its Attack Surface Reduction module blocks suspicious documents.
Of late, hackers have been employing the Dynamic Data Exchange (DDE) protocol to infect systems with ransomware. Office files make use of DDE to access external data sources. If misused, the protocol can embed links to malicious code that induce Office applications to download and process hazardous malware. To this end, Microsoft directs Office users to remain vigilant when they come across questionable e-mail attachments and to pay attention to the alerts created by Office's security-enhancing Protected Mode.