back to article Word up: Embedded vids in Office docs can hide embedded nasties, infosec bods warn

Microsoft Word documents can potentially smuggle in malicious code using embedded web videos, it is claimed. Opening a booby-trapped file, and clicking on the vid, will trigger execution of the code. Miscreants can leverage this weakness to potentially trick marks into installing malware on their PCs. It's useful for hackers …

  1. onefang
    Coat

    What, no "It's 2018 and you can still get pawned by Word documents"? Or is that officially old hat now it's near the end of the year, and we get a three month breather before "It's 2019 and you can still get pawned by Word documents".

  2. Anonymous Coward
    Anonymous Coward

    But not as nasty

    as that Office WIndows Service that Office 2016 now requires you to run permanently on in order to use MS Office.

    Why would they possibly ever want such as a thing ?

    1. Anonymous Coward
      Anonymous Coward

      Re: But not as nasty

      Why would they possibly ever want such as a thing ?

      Well, the excuse is license and update monitoring, but I suspect the reality is simply as a backup system for Windows Slurp.

      I am *so* against all these background processes that everyone + dog wants installed when you set up their software. There is never ANY information about what it does, why it is needed or how you can prevent that part of the install, it tends to hide in a place where you cannot easily kill it off or control it and authors forever want (without exception) admin level privileges to run it, a sure recipe for problems.

      BTW, it's not just a Windows problem. MacOS has that problem too. The issue: anything with admin level can pretty much do as its developers want. If that isn't benign you have a big problem and no means of control.

      Dang, that's my rant quota for the month blown :)

  3. DJV Silver badge

    Typical Microsoft

    Microsoft will no doubt keep up the "head in the sand" attitude until the loophole starts being used for some massive web-wide nasty that can't be ignored.

  4. dhawkshaw

    "The product is properly interpreting HTML as designed – working in the same manner as similar products,"

    Can anyone advise what LibreOffice will do when faced with such a manipulated docx file ?

  5. bombastic bob Silver badge
    Trollface

    Microsoft Word documents can potentially smuggle in malicious code

    Deja Vu

  6. Anonymous Coward
    Anonymous Coward

    Nanny State OS

    Oh FFS this isn't a windows fail it's a user blunder.

    It's 2018 and if you don't know not to execute binaries within word docs then there's no saving you.

    I don't have the patience for twelve o'clock flashers anymore.

  7. taxman
    Holmes

    MS Word conduit?

    See icon

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020