Supposedly secure: The signature of Office documents had vulnerabilities.
© CASA/Schwettmann/ Robrahn

IT-Security Researchers discover vulnerabilities in Microsoft Office application

The problem affects signatures in Word documents, for example.

Users who need to securely send an important Word document digitally can protect it with a digital signature. But as researchers from the Network and Data Security department at the Horst Görtz Institute for IT Security at Ruhr University Bochum, Germany, and the Mainz University of Applied Sciences have discovered, attackers can easily manipulate the document without being detected. Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger and Jörg Schwenk will present their research paper “Every Signature is Broken: On the Insecurity of Microsoft Offices OOXML Signatures” at the renowned IT security conference “Usenix Security Symposium”, which takes place from 9 to 11 August 2023 in California, USA.

Five attack vectors

“The goal of a digital signature is to validate the integrity of a document,” explains Simon Rohlmann, who has joined the Hochschule Mainz. This involves using public key algorithms to generate a signature using a private key, which can then be verified using a public key. In this way, the person sending the document can protect it against subsequent interference by third parties, while still making it accessible to others. The recipient can also rely on the secure cryptographic process to ensure that the contents of the document are valid. However, the researchers have discovered a vulnerability that makes it easy to manipulate documents in Microsoft’s Office Open XML (OOXML): “We found that documents are only partially signed. This could, for example, allow new content to be added or signed content to be hidden without anyone noticing,” explains Simon Rohlmann.

The researchers identified a total of five attack vectors that are possible due to structural inconsistencies in the Office system: The developers of the OOXML standard seem to have decided to sign only parts of the document package, according to the researcher. “This makes the digital signature for these documents practically worthless. An attacker could, for example, use signed documents to make social engineering attacks appear particularly trustworthy because the document contains a valid signature of a superior,” summarises Simon Rohlmann.

Four vulnerabilities are fixed

The XML-based file formats affected have been used by Microsoft since 2007. Users can usually recognise them by the suffix -X in the file name; file.docx or file.xlsx. The main advantage of these files is that they use a compression technique to take up less space and are supposed to be more secure than their predecessors. When the researchers first discovered the vulnerabilities in 2022, they immediately informed Microsoft and the relevant standards body. However, the company did not immediately fix the problem, even though the researchers contacted them several times. As of last month, only one of the five attack vectors, the Universal Signature Forgery (USF) attack, is still possible in the retail version of Microsoft Office 2021 (version 2305 (build 16501.20210)). “In the latest LTSC version of Microsoft Office 2021 (version 2108 (build 14332.20517)), the attacks are not yet fixed,” says Rohlmann (as of Friday, 16 June 2023). 

The idea to research such vulnerabilities is based on the success of another scientific paper published in 2019 by the team of the Chair for Network and Data Security: Here, the Bochum scientists were able to prove for the first time that the bypassing of digital signatures in PDF documents is not noticed by many applications. Since then, the researchers have regularly devoted themselves to the study of signatures, which are becoming more and more widespread, especially in professional life or in the context of public authorities. However, Simon Rohlmann says he is not in a position to assess exactly how much use is made of Microsoft Office signatures in this area.

Original publication

Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, Jörg Schwenk: Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures, PDF version of the paper

Press contact

Simon Rohlmann
Hochschule Mainz
Economy
Germany
Phone: +49 6131 628 3280
Email: simon.rohlmann@hs-mainz.de

Download high-resolution images
The selected images are downloaded as a ZIP file. The captions and image credits are available in the HTML file after unzipping.
Conditions of use
The images are free to use for members of the press, provided the relevant copyright notice is included. The images may be used solely for press coverage of Ruhr-Universität Bochum that relates solely to the contents of the article that includes the link for the image download. By downloading the images, you receive a simple right of use for one-time reporting. Saving the images for other purposes or further processing of the images that goes beyond adapting them to the respective layout requires an extended right of use. Should you therefore wish to use the photos in any other way, please contact redaktion@ruhr-uni-bochum.de

Published

Wednesday
21 June 2023
2:02 pm

By

Christina Scholten

Translated by

Christina Scholten

Share