When Word opens a document in Protected View, it renders a read-only view of the document using only data contained in the document itself – it does not attempt to load any resources not actually found in the file. In this blog post, I will demonstrate three different attacks that are stopped by Protected View. Microsoft Word, as an example, will open untrusted email attachments in a mode called “ Protected View“. Someone engaging in spear phishing could employ Word-based web trackers to learn more about the type of desktop computer and operating system a target is using, helping the spear phisher tune his or her strategy for further attack. To reduce the risk of this exposure, Microsoft Office applications like Outlook, Word and Excel use a trust model to determine how to handle documents that are downloaded from the internet or which arrive via email. Unfortunately, these features can be abused by bad actors to obtain operational intelligence on individuals, or even to steal credentials. This is a great feature within corporate environments because it facilitates the reuse of assets like logos and corporate document templates. Microsoft Word has long offered support for loading images and templates over the network.
0 kommentar(er)
