
Outdated MS Office in video "Why do we need so many servers??"

Solved by Tabs.

Poll: Is it dangerous to run an outdated version of MS Office? (Your opinion)

88 members have voted



In this YouTube video one of the editing machines seems to be using Microsoft Office 2007 or 2010. I think 2007. This is an extreme security risk. I only put up the poll to see how many people actually realize if it is or not. Was wondering if this is normal practice for them here at LTT or not. Also may I recommend if this is normal to upgrade to 2016 or better yet Office 365. Link below direct to MS Office 365 for home or business I recommend you look into it. 

 

https://products.office.com/en-us/compare-all-microsoft-office-products?tab=2&OCID=AID672747_SEM_9laMHZoT&lnkd=Bing_O365SMB_NI&msclkid=d424d01020541cf948348b3f193bfdd9


I get updating the OS but I've never heard that running an old version of office would be dangerous.  How so?

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


Office is so incredibly insecure it's ridiculous. Most people don't realise that office documents can embed anything executable so long as it has a handler - an excel document with a Flash or Java applet in it is apparently perfectly fine.

 

Old versions of office are much less secure than current ones, but at least in a business environment it's controlled by GPO. Still best to have the latest version, especially since old versions aren't being patched any more.

 

5 hours ago, Ryan_Vickers said:

I get updating the OS but I've never heard that running an old version of office would be dangerous.  How so?

o.O This, for example, is one of multiple alerts that have been issued just last year - let alone in previous years - for Office. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882

 

 


3 minutes ago, Tabs said:

Are you... trolling? o.O This, for example, is one of multiple alerts that have been issued just last year - let alone in previous years - for Office. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882

 

 

This seems to suggest they're still patching/updating versions as old as Office 2007, so I'll say again, what's the risk in running 2007 vs say, 2016?

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


I run 2011 and I’m not bothering to update because I only use it cause I need to. Pages and Numbers etc are much better.


5 hours ago, Ryan_Vickers said:

This seems to suggest they're still patching/updating versions as old as Office 2007, so I'll say again, what's the risk in running 2007 vs say, 2016?

Okay, so to answer my question, you are definitely trolling. There's no way a staff member would be this  naïve. 

 

To be more blunt then, have a look at this and see how far down you have to scroll before you find a vulnerability that only affects office 2016/365 versus how many affect 2013 and below.

 

Don't worry buddy, I'll wait.

 

5 hours ago, RorzNZ said:

I run 2011 and I’m not bothering to update because I only use it cause I need to. Pages and Numbers etc are much better.

That's a bit different because 2011 is based on an entirely different codebase that is mac-only. You're probably quite secure running Office 2011 for mac, versus someone running 2013 or 2010 on a Windows pc.

Edited by Tabs
Link didn't apply

2 minutes ago, Tabs said:

That's a bit different because 2011 is based on an entirely different codebase that is mac-only. You're probably quite secure running Office 2011 for mac, versus someone running 2013 or 2010 on a Windows pc.

They both get updated with security updates anyway.


25 minutes ago, Tabs said:

Old versions of office are much less secure than current ones, but at least in a business environment it's controlled by GPO. Still best to have the latest version, especially since old versions aren't being patched any more.

Both Office 2010 and Office 2016 use a security feature called "Protected Mode" and for the most part Office files are benign. The common vector of malware and exploits is not necessarily MS Office itself but legacy "Macros", which by the way even the latest Office 2016 still supports. Typically, malware authors craft a very convincing spear phishing email and a fresh new malware that is unknown to antivirus programs. If the person clicked on the fake email and opened the .docm, .xlsm, .pptm file and disabled Protected Mode, it will trigger a malicious payload, either ransomware to cripple the company or a spyware payload that exfiltrates confidential data.

25 minutes ago, Tabs said:

Office is so incredibly insecure it's ridiculous. Most people don't realise that office documents can embed anything executable so long as it has a handler - an excel document with a Flash or Java applet in it is apparently perfectly fine.

Admins can disable Macros. https://cloudblogs.microsoft.com/microsoftsecure/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/

12 minutes ago, Tabs said:

Okay, so to answer my question, you are definitely trolling. There's no way a staff member would be this  naïve. 

 

To be more blunt then, have a look at this and see how far down you have to scroll before you find a vulnerability that only affects office 2016/365 versus how many affect 2013 and below.

 

Don't worry buddy, I'll wait.

Take note that in this video, they used Office 2016 with a Macro embedded to deliver a ransomware payload. I wonder what made you think that @Ryan_Vickers is trolling.

 

Edited by captain_to_fire

There is more that meets the eye
I see the soul that is inside
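A triage check for the macro vector described in this post, as an added example that is not part of the original post: it inspects an OOXML container for a VBA project part and a macro-enabled content type, and flags a macro-bearing file that carries a macro-free extension. The function name, verdict strings and sample archives are assumptions constructed for the demo.

```python
import io
import zipfile

# File extensions Office reserves for macro-enabled OOXML documents.
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam",
                    ".pptm", ".potm", ".ppsm", ".ppam")
CONTENT_TYPES = "[Content_Types].xml"


def inspect_ooxml(data: bytes, filename: str) -> dict:
    """Classify an attachment by whether its OOXML container carries VBA."""
    result = {"verdict": "not-ooxml", "vba_parts": [], "declares_macro_type": False}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Legacy binary formats (.doc/.xls) are OLE files, not ZIP; they need
        # a different parser and are out of scope for this check.
        return result
    with archive:
        names = archive.namelist()
        if CONTENT_TYPES not in names:
            return result
        content_types = archive.read(CONTENT_TYPES).decode("utf-8", "replace")

    # The VBA project is stored as a part named vbaProject.bin.
    result["vba_parts"] = sorted(n for n in names if n.lower().endswith("vbaproject.bin"))
    result["declares_macro_type"] = (
        "macroEnabled" in content_types or "vnd.ms-office.vbaProject" in content_types
    )

    if not result["vba_parts"] and not result["declares_macro_type"]:
        result["verdict"] = "no-macros"
    elif filename.lower().endswith(MACRO_EXTENSIONS):
        result["verdict"] = "macro-enabled"
    else:
        # Macro content behind an extension that promises none: quarantine-worthy.
        result["verdict"] = "macros-under-macro-free-extension"
    return result


def build_sample(with_vba: bool) -> bytes:
    """Constructed minimal archive for the demo; not a real Office document."""
    main_type = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_vba else
                 "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    types_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(CONTENT_TYPES, types_xml)
        z.writestr("word/document.xml", "<document/>")
        if with_vba:
            z.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("report.docx", build_sample(False)),
                       ("invoice.docm", build_sample(True)),
                       ("invoice.docx", build_sample(True))]:
        print(name, inspect_ooxml(blob, name)["verdict"])
```
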

 

 


2 minutes ago, captain_to_fire said:

Both Office 2010 and Office 2016 use a security feature called "Protected Mode" and for the most part Office files are benign. The common vector of malware and exploits is not necessarily MS Office itself but legacy "Macros", which by the way even the latest Office 2016 still supports. Typically, malware authors craft a very convincing spear phishing email and a fresh new malware that is unknown to antivirus programs. If the person clicked on the fake email and opened the .docm, .xlsm, .pptm file and disabled Protected Mode, it will trigger a malicious payload, either ransomware to cripple the company or a spyware payload that exfiltrates confidential data.

Admins can disable Macros.

Take note that in this video, they used Office 2016 with a Macro embedded to deliver a ransomware payload. I wonder what made you think that @Ryan_Vickers is trolling.

 

 

Only the implication that old versions of office are as secure as modern versions. That is objectively wrong, as a quick glance at the CVE database will confirm. Anyone operating in a high security environment knows that you do not allow old versions of office (macros notwithstanding as they're a separate class of vulnerability and require their own audit).

 

Nobody is suggesting the latest version of Office is bulletproof - far from it. Nobody can claim that about any software. However, it's one of the most insecure pieces of software in any Windows based enterprise and old versions are far, far easier to exploit. I 100% agree with @Antimac233 that old office versions are an unacceptable risk.


36 minutes ago, Ryan_Vickers said:

This seems to suggest they're still patching/updating versions as old as Office 2007, so I'll say again, what's the risk in running 2007 vs say, 2016?

They're only patching 2007 and 2010 for Businesses and Enterprise.

 

Not for regular consumers.

Judge a product on its own merits AND the company that made it.

How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill | (Probably) Why LMG Merch shipping to the EU is expensive

Oneplus 6 (Early 2023 to present) | HP Envy 15" x360 R7 5700U (Mid 2021 to present) | Steam Deck (Late 2022 to present)

 

Mid 2023 AlTech Desktop Refresh - AMD R7 5800X (Mid 2023), XFX Radeon RX 6700XT MBA (Mid 2021), MSI X370 Gaming Pro Carbon (Early 2018), 32GB DDR4-3200 (16GB x2) (Mid 2022

Noctua NH-D15 (Early 2021), Corsair MP510 1.92TB NVMe SSD (Mid 2020), beQuiet Pure Wings 2 140mm x2 & 120mm x1 (Mid 2023),


15 minutes ago, Tabs said:

That is objectively wrong, as a quick glance at the CVE database will confirm.

I checked both links you’ve posted and I think you’re reading both wrong. One is anachronistic to make it relevant today since it’s a CVE from 2017 and we’re already in the middle of 2018. The CVE portal you posted explicitly mentioned Office 2016. Did you even bother to click one of them? http://www.cvedetails.com/cve/CVE-2018-8161/

 


19 minutes ago, Tabs said:

that old office versions are an unacceptable risk.

As I’ve said before, the same link you’ve posted explicitly says that both old and new versions of Office are vulnerable to the same vulnerability and refuted your notion that new Office version is more secure than the old. 

There is more that meets the eye
I see the soul that is inside

 

 


As long as you keep the documents secure, the version of Office shouldn't matter.

hi.


Macros being a security risk is fairly well known. But if this is such an issue, why hasn't it been covered in detail before? We constantly get updates about Heartbleed, ransomware, botnets, Meltdown and Spectre, which are all pretty useless against consumers and aimed at larger corporations, while Office would be a great target for the general public. So if this is such a big issue, why hasn't any bigger tech-tuber covered it yet?

^^^^ That's my post ^^^^
<-- This is me --- That's your scrollbar -->
vvvv Who's there? vvvv


11 hours ago, Tabs said:

Okay, so to answer my question, you are definitely trolling. There's no way a staff member would be this  naïve. 

 

To be more blunt then, have a look at this and see how far down you have to scroll before you find a vulnerability that only affects office 2016/365 versus how many affect 2013 and below.

 

Don't worry buddy, I'll wait.

 

That's a bit different because 2011 is based on an entirely different codebase that is mac-only. You're probably quite secure running Office 2011 for mac, versus someone running 2013 or 2010 on a Windows pc.

 

11 hours ago, Tabs said:

 

Only the implication that old versions of office are as secure as modern versions. That is objectively wrong, as a quick glance at the CVE database will confirm. Anyone operating in a high security environment knows that you do not allow old versions of office (macros notwithstanding as they're a separate class of vulnerability and require their own audit).

 

Nobody is suggesting the latest version of Office is bulletproof - far from it. Nobody can claim that about any software. However, it's one of the most insecure pieces of software in any Windows based enterprise and old versions are far, far easier to exploit. I 100% agree with @Antimac233 that old office versions are an unacceptable risk.

 

You've misinterpreted my asking a question as stating a fact, and then gotten seemingly quite angry that I don't agree with you before even giving me a chance to read your information, much less respond.  Not sure why you're treating this like a fight and getting so riled up but I'd suggest taking a break to do something else for a while.

 

To get to the actual meat of this, if I understand correctly, you're saying that old versions of office are regularly found to have some vulnerability that newer versions (specifically 2016) are already immune to?  If so, that's all I wanted to know.  I'm surprised by that to be honest, and it's not something I'd heard of before or ever thought about.  Makes me wonder what they've changed that they can't port back to older ones in an update.  I mean it's not like it's a highly complex thing like an OS.  If you know that too, feel free to explain.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


5 hours ago, Ryan_Vickers said:

You've misinterpreted my asking a question as stating a fact, and then gotten seemingly quite angry that I don't agree with you before even giving me a chance to read your information, much less respond.  Not sure why you're treating this like a fight and getting so riled up but I'd suggest taking a break to do something else for a while.

 

To get to the actual meat of this, if I understand correctly, you're saying that old versions of office are regularly found to have some vulnerability that newer versions (specifically 2016) are already immune to?  If so, that's all I wanted to know.  I'm surprised by that to be honest, and it's not something I'd heard of before or ever thought about.  Makes me wonder what they've changed that they can't port back to older ones in an update.  I mean it's not like it's a highly complex thing like an OS.  If you know that too, feel free to explain.

 

The primary reason is that the newer versions of office (2013 and onwards, but more prominently 2016 and onwards) have had an updated build process that integrates most of the protection that used to require using EMET to achieve. Much of what EMET is needed for on versions of Windows before Windows 10 (1703) is now built into the operating system too, so EMET is not recommended anymore for anyone running Windows 10 1703+. The code refactoring of Office means also that all versions of office across every platform now share the same, unified codebase, meaning problems are easier for Microsoft to fix and deploy.

 

These built-in protections mean that everyone, even standard users and small businesses, gets the hardening that EMET offers if they run the newest version of Office, without the need to configure and deploy EMET to all client systems. Of note is that EMET is only partially effective at securing older versions of Office, since they are built on older code that has incompatibilities with the protections EMET offers - the last time I checked, office versions before 2013 could only have basic features forced on like ASLR, and nothing more advanced like SEHOP or heap spray/ROP mitigations without causing feature breakage.

 

Not having these mitigations by default means that when a vulnerability is found, even if it affects all office versions including 2016 - it's much easier for exploitation on earlier versions.

 

In many ways, it's worth thinking about Office as being just as complex as Windows - it's got the same multi-decade compatibility that Microsoft clings to, meaning that there are a lot of old pieces of code. They've done a lot of work to bring hardening to Office, but EMET used to be a de-facto requirement for any secure environment (as attested to by the NSA among others) and these mitigations built in from 2016 and above mean any business - especially if they are using an older version of Windows like Windows 7 - should use the latest version of Office if at all possible.

 

Note that the NSA link above will give you a certificate error when you visit it. The NSA wants people to install and use their own root cert when viewing their public documents on the IAD site, but I highly recommend against doing so. If you install their root cert, the NSA could intercept, decrypt and modify any secure traffic if they ever got MitM access (like by being on an interim network). You can ignore the cert and assume the site is insecure, or you can google for the document - it's titled Microsoft's Enhanced Mitigation Experience Toolkit - A Rationale for Enabling Modern Anti-Exploitation Mitigations in Windows.

 

Finally, as for how I spoke to you before, it was inappropriate and I'm sorry. I've found in the past that whenever an admin or a staff member posts, they tend to be believed by default, and it makes it much harder to set the record straight in some instances. Still, that's not an excuse, and I apologise.

 

I hope my explanation above makes sense now though.
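The build-time side of what this post describes can be checked from a binary's PE header. The following is an added example, not part of the original post and not Microsoft's tooling: it reads the DllCharacteristics field and lists which opt-in mitigation flags an image lacks. The helper names are assumptions and the sample images are constructed header-only byte strings, not real Office binaries.

```python
import struct

# Opt-in mitigation bits in the PE optional header's DllCharacteristics field.
# Runtime mitigations that EMET applied per process (SEHOP, heap-spray and ROP
# checks) are not recorded in this field and cannot be audited this way.
DYNAMIC_BASE = 0x0040     # image supports ASLR
NX_COMPAT = 0x0100        # image is DEP-compatible
GUARD_CF = 0x4000         # image carries Control Flow Guard metadata
HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR; only meaningful for PE32+ images

PE32, PE32_PLUS = 0x10B, 0x20B
DLLCHARS_OFFSET = 70      # same offset in PE32 and PE32+ optional headers


class NotPEError(ValueError):
    """Raised when the bytes are not a parseable PE image."""


def read_optional_header(image: bytes) -> tuple:
    """Return (magic, DllCharacteristics) from a PE image's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise NotPEError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)           # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 24 > len(image):
        raise NotPEError("missing PE signature")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    opt_off = pe_off + 24                                       # signature + COFF header
    if opt_size < DLLCHARS_OFFSET + 2 or opt_off + DLLCHARS_OFFSET + 2 > len(image):
        raise NotPEError("optional header truncated")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (PE32, PE32_PLUS):
        raise NotPEError("unknown optional header magic")
    (flags,) = struct.unpack_from("<H", image, opt_off + DLLCHARS_OFFSET)
    return magic, flags


def missing_mitigations(image: bytes) -> list:
    """Names of build-time mitigation flags the image does not set."""
    magic, flags = read_optional_header(image)
    wanted = {"DYNAMIC_BASE": DYNAMIC_BASE, "NX_COMPAT": NX_COMPAT, "GUARD_CF": GUARD_CF}
    if magic == PE32_PLUS:
        wanted["HIGH_ENTROPY_VA"] = HIGH_ENTROPY_VA
    return sorted(name for name, bit in wanted.items() if not flags & bit)


def build_sample(magic: int, dll_chars: int) -> bytes:
    """Constructed header-only image for the demo."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    opt_size = 0xF0 if magic == PE32_PLUS else 0xE0
    machine = 0x8664 if magic == PE32_PLUS else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x2002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHARS_OFFSET, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    samples = {
        "constructed legacy 32-bit image": build_sample(PE32, 0x0000),
        "constructed modern 64-bit image": build_sample(
            PE32_PLUS, DYNAMIC_BASE | NX_COMPAT | GUARD_CF | HIGH_ENTROPY_VA),
    }
    for label, blob in samples.items():
        print(label, "->", missing_mitigations(blob) or "all flags set")
```
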

 


On 6/24/2018 at 8:38 PM, Tabs said:

The primary reason is that the newer versions of office (2013 and onwards, but more prominently 2016 and onwards) have had an updated build process that integrates most of the protection that used to require using EMET to achieve. Much of what EMET is needed for on versions of Windows before Windows 10 (1703) is now built into the operating system too, so EMET is not recommended anymore for anyone running Windows 10 1703+. The code refactoring of Office means also that all versions of office across every platform now share the same, unified codebase, meaning problems are easier for Microsoft to fix and deploy.

 

These built-in protections mean that everyone, even standard users and small businesses, gets the hardening that EMET offers if they run the newest version of Office, without the need to configure and deploy EMET to all client systems. Of note is that EMET is only partially effective at securing older versions of Office, since they are built on older code that has incompatibilities with the protections EMET offers - the last time I checked, office versions before 2013 could only have basic features forced on like ASLR, and nothing more advanced like SEHOP or heap spray/ROP mitigations without causing feature breakage.

 

Not having these mitigations by default means that when a vulnerability is found, even if it affects all office versions including 2016 - it's much easier for exploitation on earlier versions.

 

In many ways, it's worth thinking about Office as being just as complex as Windows - it's got the same multi-decade compatibility that Microsoft clings to, meaning that there are a lot of old pieces of code. They've done a lot of work to bring hardening to Office, but EMET used to be a de-facto requirement for any secure environment (as attested to by the NSA among others) and these mitigations built in from 2016 and above mean any business - especially if they are using an older version of Windows like Windows 7 - should use the latest version of Office if at all possible.

 

Note that the NSA link above will give you a certificate error when you visit it. The NSA wants people to install and use their own root cert when viewing their public documents on the IAD site, but I highly recommend against doing so. If you install their root cert, the NSA could intercept, decrypt and modify any secure traffic if they ever got MitM access (like by being on an interim network). You can ignore the cert and assume the site is insecure, or you can google for the document - it's titled Microsoft's Enhanced Mitigation Experience Toolkit - A Rationale for Enabling Modern Anti-Exploitation Mitigations in Windows.

 

Finally, as for how I spoke to you before, it was inappropriate and I'm sorry. I've found in the past that whenever an admin or a staff member posts, they tend to be believed by default, and it makes it much harder to set the record straight in some instances. Still, that's not an excuse, and I apologise.

 

I hope my explanation above makes sense now though.

 

I'm glad to see people take this seriously and understand you need to keep it up to date

 

On 6/24/2018 at 5:23 AM, LoGiCalDrm said:

Macros being a security risk is fairly well known. But if this is such an issue, why hasn't it been covered in detail before? We constantly get updates about Heartbleed, ransomware, botnets, Meltdown and Spectre, which are all pretty useless against consumers and aimed at larger corporations, while Office would be a great target for the general public. So if this is such a big issue, why hasn't any bigger tech-tuber covered it yet?

They are a business, not an individual, and even if you're a home user security is important. We see more and more every day that they keep targeting computer illiterate people and milk money out of them and soon information like Facebook and Google do to sell to others for ad revenue. It's a big business. Only reason it isn't talked about is 1. Doesn't sound huge in the press cause you have to actually explain in detail and know what you're talking about and 2. If you explained how modern threats work Google and Facebook are responsible for a majority of these since their services help guide people to these attackers. So if that got out and people actually understood and knew it would be game over for them.


I actually like the 2016 the best, got used to it already and all, really appreciate the dark themes.

Personal Desktop":

CPU: Intel Core i7 10700K @5ghz |~| Cooling: bq! Dark Rock Pro 4 |~| MOBO: Gigabyte Z490UD ATX|~| RAM: 16gb DDR4 3333mhzCL16 G.Skill Trident Z |~| GPU: RX 6900XT Sapphire Nitro+ |~| PSU: Corsair TX650M 80Plus Gold |~| Boot:  SSD WD Green M.2 2280 240GB |~| Storage: 1x3TB HDD 7200rpm Seagate Barracuda + SanDisk Ultra 3D 1TB |~| Case: Fractal Design Meshify C Mini |~| Display: Toshiba UL7A 4K/60hz |~| OS: Windows 10 Pro.

Luna, the temporary Desktop:

CPU: AMD R9 7950XT  |~| Cooling: bq! Dark Rock 4 Pro |~| MOBO: Gigabyte Aorus Master |~| RAM: 32G Kingston HyperX |~| GPU: AMD Radeon RX 7900XTX (Reference) |~| PSU: Corsair HX1000 80+ Platinum |~| Windows Boot Drive: 2x 512GB (1TB total) Plextor SATA SSD (RAID0 volume) |~| Linux Boot Drive: 500GB Kingston A2000 |~| Storage: 4TB WD Black HDD |~| Case: Cooler Master Silencio S600 |~| Display 1 (leftmost): Eizo (unknown model) 1920x1080 IPS @ 60Hz|~| Display 2 (center): BenQ ZOWIE XL2540 1920x1080 TN @ 240Hz |~| Display 3 (rightmost): Wacom Cintiq Pro 24 3840x2160 IPS @ 60Hz 10-bit |~| OS: Windows 10 Pro (games / art) + Linux (distro: NixOS; programming and daily driver)

Here is my opinion. Is there a danger in running old unsupported software? Sure. Extremely dangerous, I doubt. I'd say at least 75% of security involves users not being a fucking idiot. I think most of the dangers are with macros which I personally don't know how to set up or use. I mean shit, when I worked at Sam's Club from 2013-2015 they were still on XP. So the fact is, I would say it really depends on how the machine is used. I highly doubt someone is going to gain control of a computer using outdated office software. It would be more likely to happen with outdated Adobe Flash Player.

I just want to sit back and watch the world burn. 


I find it funny that a brand new user is assuming everyone here that doesn't agree with their opinion is ignorant. Especially when they have no clue how people here handle their data, what their isolation practices are, and what they actually use an older version of office for. The original post seems more like a scare tactic sales pitch than a true inquiry.

There's no place like ~


On 6/25/2018 at 7:07 PM, Donut417 said:

Here is my opinion. Is there a danger in running old unsupported software? Sure. Extremely dangerous, I doubt. I'd say at least 75% of security involves users not being a fucking idiot. I think most of the dangers are with macros which I personally don't know how to set up or use. I mean shit, when I worked at Sam's Club from 2013-2015 they were still on XP. So the fact is, I would say it really depends on how the machine is used. I highly doubt someone is going to gain control of a computer using outdated office software. It would be more likely to happen with outdated Adobe Flash Player.

Microsoft Office is one of the most used applications in the world. Just for that and knowing that people who actually use office do something with their lives (i.e. have money) it makes sense to attack them, definitely if it's a business. All it takes is an email with a document that seems legit and BAM you're infected.

 

On 6/25/2018 at 7:46 PM, Razor Blade said:

I find it funny that a brand new user is assuming everyone here that doesn't agree with their opinion is ignorant. Especially when they have no clue how people here handle their data, what their isolation practices are, and what they actually use an older version of office for. The original post seems more like a scare tactic sales pitch than a true inquiry.

There is no way to prevent everything. You should invest in prevention I can agree on that but it only takes one wrong move and no one is that good. By the way just cause I'm a new user doesn't mean 1. I think you're stupid, I'm just trying to demonstrate and explain to people who might be unaware of this to hopefully PREVENT an incident to occur on their work or personal PCs. The poll in this post proves that and 2. I work in IT for a company specifically doing network security thank you very much.


When it comes to MS Office, the real security risk, as with most issues with office, exists exclusively between the chair and the keyboard. If you practice even minimal precaution, running Office 2003 isn't any more a security risk than the latest Office 365 build. Every attack avenue that existed then, still exists. Protected View is a joke and doesn't do anything to actively solve the issue.

Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.


3 hours ago, Princess Cadence said:

I actually like the 2016 the best, got used to it already and all, really appreciate the dark themes.


How does it not make your eyes burn? The Black one is even worse.


29 minutes ago, Antimac233 said:

There is no way to prevent everything. You should invest in prevention, I can agree on that, but it only takes one wrong move and no one is that good. By the way, just cause I'm a new user doesn't mean 1. I think you're stupid, I'm just trying to demonstrate and explain to people who might be unaware of this to hopefully PREVENT an incident from occurring on their work or personal PCs. The poll in this post proves that, and 2. I work in IT for a company specifically doing network security, thank you very much.

As an IT professional you of all people should know that just upgrading to office 2016 or 365 is not going to guarantee your online safety. User behavior goes a lot farther than an updated software package. 

 

I did not say you thought people were stupid, you said that. I said you're assuming everyone on here that isn't running the latest Microsoft Office is ignorant. Here are statements I refer to.

On 6/24/2018 at 2:55 AM, Antimac233 said:

*snip* I only put up the poll to see how many people actually realize if it is or not. Was wondering if this is normal practice for them here at LTT or not. *snip*

3 hours ago, Antimac233 said:

*snip*  So if that got out and people actually understood and knew it would be game over for them.

You can't paint everyone that runs an older version of office as ignorant without understanding how those people use the program and what their data isolation practices are.


On 6/24/2018 at 1:55 AM, Antimac233 said:

In this YouTube video one of the editing machines seems to be using Microsoft Office 2007 or 2010. I think 2007. This is an extreme security risk. I only put up the poll to see how many people actually realize if it is or not. Was wondering if this is normal practice for them here at LTT or not. Also may I recommend if this is normal to upgrade to 2016 or better yet Office 365. Link below direct to MS Office 365 for home or business I recommend you look into it. 

 

https://products.office.com/en-us/compare-all-microsoft-office-products?tab=2&OCID=AID672747_SEM_9laMHZoT&lnkd=Bing_O365SMB_NI&msclkid=d424d01020541cf948348b3f193bfdd9

Lol

I use Office 2007 and it's perfectly fine, hell I could use Office 2003 and probably be perfectly fine. I didn't wanna mention like the even older versions just because Win10 gets a little weird with older programs iirc.

 

22 hours ago, Razor Blade said:

As an IT professional you of all people should know that just upgrading to office 2016 or 365 is not going to guarantee your online safety. User behavior goes a lot farther than an updated software package. 

 

I did not say you thought people were stupid, you said that. I said you're assuming everyone on here that isn't running the latest Microsoft Office is ignorant. Here are statements I refer to.

You can't paint everyone that runs an older version of office as ignorant without understanding how those people use the program and what their data isolation practices are.

I mean technically Office 2010 and Office 2007 don't directly use the internet to maintain themselves. Only for updating but unlike 2013 or newer they don't have those cloud features or whatever...


22 hours ago, Razor Blade said:

As an IT professional you of all people should know that just upgrading to office 2016 or 365 is not going to guarantee your online safety. User behavior goes a lot farther than an updated software package. 

 

I did not say you thought people were stupid, you said that. I said you're assuming everyone on here that isn't running the latest Microsoft Office is ignorant. Here are statements I refer to.

You can't paint everyone that runs an older version of office as ignorant without understanding how those people use the program and what their data isolation practices are.

The fact is, running older software in general is dangerous; if you use it regularly and it is required for your personal or business uses, you should keep up to date with it. Any software should be treated like this, and in all honesty people do in general but forget things like Microsoft Office. So many times I see people who have an updated OS, browser, editing software, etc. But Office is sadly an application so many people just say "Why do I need a new one?". To them they are just looking at features, not security. If you update your browser and other software that I would assume virtually all users use religiously, then you should update Office just like your Windows Operating System. Just like how Windows 10 is the most secure OS yet from Microsoft, Windows 7 is something we all need to leave behind and individuals and businesses are too. Over time software is made to be more secure and resilient to more modern attacks. I know what I'm talking about. I'm not trying to talk down to you. And when I say people and users in general I mean all people, not just people on here. As the people I deal with are more like "normals". But if you are serious about security, stay up to date.

 

22 hours ago, Razor Blade said:

As an IT professional you of all people should know that just upgrading to office 2016 or 365 is not going to guarantee your online safety. User behavior goes a lot farther than an updated software package. 

 

I did not say you thought people were stupid, you said that. I said you're assuming everyone on here that isn't running the latest Microsoft Office is ignorant. Here are statements I refer to.

You can't paint everyone that runs an older version of office as ignorant without understanding how those people use the program and what their data isolation practices are.

BTW it is ignorant. Sry forgot to mention that in the other post. The only waiver is if your PC is 1. NEVER connected to the Internet 2. NEVER has any wired OR wireless communication with another device 3. NEVER opens files from another PC. You ONLY create or open / edit Office files stored and created from that PC. That basically means TOTAL ELIMINATION OF ALL COMMUNICATION AND FILE TRANSFERS (THIS INCLUDES FLASH DRIVES OR DISK) FROM ANY OTHER SOURCE OR PC. OTHERWISE THERE IS NO 100 PERCENT SURE THING YOU'RE SAFE!!!!!!!! But cutting yourself from the world doesn't work so in the real world we keep our software up to date.

 

21 hours ago, pinksnowbirdie said:

I mean technically Office 2010 and Office 2007 don't directly use the internet to maintain themselves. Only for updating but unlike 2013 or newer they don't have those cloud features or whatever...

Updating is maintenance.

 

22 hours ago, BlueChinchillaEatingDorito said:

How does it not make your eyes burn? The Black one is even worse.

That's more of an opinion. I LOVE the dark themes in Office, Edge and Windows 10!!!!

 

22 hours ago, Drak3 said:

When it comes to MS Office, the real security risk, as with most issues with office, exists exclusively between the chair and the keyboard. If you practice even minimal precaution, running Office 2003 isn't any more a security risk than the latest Office 365 build. Every attack avenue that existed then, still exists. Protected View is a joke and doesn't do anything to actively solve the issue.

That is not completely true. A lot of security experts would tell you that yes, most of them are caused by dumb people. User error is terrible, but even people like us who are good at avoiding issues are not 100 percent and could be vulnerable to an attack that is new and not well documented. Keeping up to date software is number 1 in virtually every professional security expert's handbook.

Edited by Antimac233
Can't spell lol
This topic is now closed to further replies.

