It’s time to secure Microsoft Office

This week in the office my systems have blocked 150,000 malicious Office documents. All have Office macros attached, or OLE objects. The 90s never finished as attackers learn to automate attacks using Office and old technology. If anything is a sign that the security industry needs to shift up a gear, this is it.

Kevin Beaumont has posted a fantastic (and pragmatic!) guide for best practices when working with Office documents. His guide to simple configuration management will dramatically improve your security posture by making some changes to how trustworthy Office documents are.

OLE is more popular than ever, and for all the wrong reasons.