Opening Old Microsoft Office File Formats is a Serious Security Risk

Do not open any attachment with a .doc, .xls or .ppt file extension (no exceptions). 

  1. If the file is from someone you know and is expected then ask the sender to resend the file with the .docx, .xlsx or .pptx extension (as these files cannot contain macros). 
  2. If the file isn’t expected but appears to come from someone you know then verify with the sender it was actually sent by them, then ask them to resend it in the new format as in 1. above. 
  3. If the file isn’t expected and isn’t from someone you know then delete the email. 
  4. Do not open any attachment with a .docm, .xlsm or .pptm file extension unless you are CERTAIN these files pose no risk (i.e. they are from someone you know and you are expecting this file).

Please disseminate this information throughout your company. 

Explanation 

In Office 2007, Microsoft changed its proprietary format for Word, Excel and PowerPoint files to the Office Open XML format (confusingly, this bears no relation to the OpenOffice program). One of the other changes made at the same time was to require any Office file containing macros to use the equivalent macro-enabled file suffix: .docm, .xlsm or .pptm.

A macro is a small program that can be added to an Office file to automate a task. It can also be configured to run automatically when the file is opened. As you can imagine this trick is beloved by the bad people who want to compromise your computer as it enables them to do this using a macro without your knowledge.

The Office files malicious third parties send you as email attachments will almost always be in the old .doc, .xls or .ppt format, because this way you have no way of knowing they contain a macro that is going to automatically activate when you open the file. 

Recommendations

For files you already have: 

  1. Search your computer(s) and/or data store (e.g. file server, NAS device, OneDrive or SharePoint document libraries) for *.doc, *.xls and *.ppt files (we can help with this, if required). 
  2. Either quarantine them, or create a manual process to remove these files or to use the File | Save As option to save them in .docx, .xlsx and .pptx format, as appropriate. 
  3. If any Word, Excel or PowerPoint file with the old suffix contains macros you will need to resave them as .docm, .xlsm or .pptm files, as appropriate. 
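
One way to carry out steps 1 and 3 on a local or mounted file tree, as an added example that is not part of the original advisory: it lists every legacy-extension file and triages it by content rather than by name. The label names and the `_VBA_PROJECT` byte search are assumptions of this example (a heuristic for Word and Excel binaries; PowerPoint files are flagged for manual review), and the sample files in `demo()` are constructed.

```python
import tempfile
from pathlib import Path

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # OLE2 compound file header (legacy Office)
ZIP_MAGIC = b"PK\x03\x04"                         # ZIP header (Office Open XML container)
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")   # VBA storage name in Word and Excel files
LEGACY_EXTS = {".doc", ".xls", ".ppt"}

def classify(path):
    """Triage one legacy-extension file by content, not by its name."""
    data = Path(path).read_bytes()
    if data.startswith(ZIP_MAGIC):
        return "mislabelled-zip"        # new-format content under an old extension
    if not data.startswith(OLE_MAGIC):
        return "not-office-binary"      # e.g. RTF or text renamed to .doc
    if VBA_MARKER in data:
        return "vba-marker-found"       # quarantine, or resave as .docm/.xlsm/.pptm
    if Path(path).suffix.lower() == ".ppt":
        return "ppt-check-manually"     # assumption: the marker search is unreliable for .ppt
    return "no-vba-marker"              # heuristic only; candidate for Save As .docx/.xlsx

def inventory(root):
    """Walk root and return {relative path: triage label} for legacy files."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): classify(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in LEGACY_EXTS
    }

def demo():
    """Build a constructed sample tree (fake file bodies) and inventory it."""
    samples = {
        "invoice.doc": OLE_MAGIC + VBA_MARKER,       # constructed: OLE header + VBA name
        "budget/q1.XLS": OLE_MAGIC + b"constructed", # constructed: OLE header only
        "deck.ppt": OLE_MAGIC + b"constructed",
        "renamed.doc": ZIP_MAGIC + b"constructed",
        "notes.doc": b"{\\rtf1 constructed}",
        "clean.docx": ZIP_MAGIC + b"constructed",    # new format: not listed
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return inventory(tmp)

if __name__ == "__main__":
    print("\n".join(f"{label:20} {rel}" for rel, label in demo().items()))
```

To use it on real data, call `inventory()` with the folder to search; it only reads files and never opens them in Office.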

If in doubt then please raise a ticket. 
