As someone who doesn’t use microsoft stuff… anyone here have an explanation? lol
For me, when I open an Excel file from our business partner, it will always open in protected view which limits the functions the document can do. I then have to tell it to open in regular view which closes the doc and reopens it, wasting my time.
But sometimes even doing that won’t solve the problem. It will say I have to go into the doc’s properties and mark it as “safe”. That requires closing it yet again. Right clicking it in file explorer, and checking a box in the properties tab. Then I get to reopen it yet again.
And I have to do this nearly every single time. Fun stuff.
How can you know if a document is safe to open in this “regular view”?
Microsoft Office documents not running in protected mode can run arbitrary code on your computer. Given VBA, that arbitrary code can pretty much access anything any installed application can.
There’s a load of Office malware written that can infect all the documents on your system with keyloggers and password scrapers.
It’s a pain in the ass yeah, but it exists to mitigate a very real risk.
It doesn’t mitigate anything when it pops every single time. Microsoft on its own has rendered scary messages useless with how often they use them.
U would want to install a rat or do a browser token theft. Why bother with a keylogger when u can steal access codes from the browser directly.
Thanks :3… I can see why that would be annoying lol
What company do u work at? Cos one well placed email with a dodgy file attached could destroy the entire company.
Microsoft managed to build a file format for spreadsheets, text documents and such, which can be used to run arbitrary code on the PC where it’s opened (via VBA). In a move that no one could have predicted, this is used to distribute malware.
And their bandaid fix is this “Protected Mode”, which is entered when you receive a document from another organization. In Protected Mode, it does not run VBA code until you exit it.
Unfortunately, their solution has conditioned users to basically always exit Protected Mode.
The annoying part is, they could check if the file even contains malicious code. But they don’t and instead default to protected mode, even for basic files.
It’s probably spaghetti enough that just loading it to check would be exploitable.
As someone who never did anything dodgy with a computer in my time. It’s cos Microsoft files opened not in protected views can embed and execute macros. These macros are essentially a remote code execution. Mostly not used anymore (defaults to disabled macros) but plenty of large orgs still have macros enabled cos legacy bullshit.
U can do similar with some font formats, screensavers, and a multitude of unexpected things that most people think are completely safe. That’s how linustechtips got rce through a screensaver disguised as a PDF that installed a rat and token stealer that stole live YouTube session tokens. U can also use the victim device as an exit for routing traffic as a reverse proxy so tokens appear to be coming from the same device to avoid triggering security warnings.
Tldr don’t enable it for random files from dubious sources and check the file extensions else u will get hacked.
So disable macros until enabled. But protected view won’t even let you edit a text document.
Yeah Idk why that is, all I know is macros will ruin ur life if ur not careful. Luckily I run QubesOS so not a problem I’m too concerned with.
Microsoft documents can contain macros (scripts). While there are legitimate uses for macros, bad actors can use them for malicious purposes.
Protected mode prevents the macros from running.
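An added example, not code from the thread or from Microsoft: a static check for the question raised above of whether a received Office file carries a VBA project at all, done without opening it in Office. The function names and the sample packages are constructed for illustration, and the result reports presence of a macro container only, not whether the macro is malicious.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_office_file(data: bytes) -> str:
    """Report whether an Office file carries a VBA project part.

    Returns 'ooxml-vba', 'ooxml-no-vba', 'ole-legacy' or 'not-office'.
    Absence of VBA does not cover other active content (DDE, external
    links, embedded objects).
    """
    if data.startswith(OLE_MAGIC):
        # Binary formats need a real OLE parser (e.g. oletools' olevba).
        return "ole-legacy"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office"
            content_types = zf.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        return "not-office"
    # The part is usually named vbaProject.bin, but the name is free-form;
    # the declared content type catches a renamed part.
    by_name = any(n.lower().endswith("vbaproject.bin") for n in names)
    by_type = VBA_CONTENT_TYPE.lower() in content_types.lower()
    return "ooxml-vba" if (by_name or by_type) else "ooxml-no-vba"


def build_sample(with_macro: bool, part_name: str = "xl/vbaProject.bin") -> bytes:
    """Constructed minimal package for the demo; not a valid workbook."""
    types = b'<Types><Default Extension="xml" ContentType="application/xml"/>'
    if with_macro:
        types += (b'<Override PartName="/' + part_name.encode() +
                  b'" ContentType="' + VBA_CONTENT_TYPE + b'"/>')
    types += b"</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr(part_name, b"\x00placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for sample in (build_sample(False), build_sample(True), OLE_MAGIC + b"\x00" * 504):
        print(classify_office_file(sample))
```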