Important Word documents that are protected by a signature can still be modified due to a vulnerability. Microsoft has only patched 5 of 4 vulnerabilities that allow modification. So the problem still exists, according to researchers at the Ruhr University in Bochum and the Mainz University of Applied Sciences.
If you want to securely send an important Word document digitally, you can protect it with a signature – actually. Because, as researchers from the Chair for Network and Data Security at the Horst Görtz Institute for IT Security at the Ruhr University Bochum and the University of Mainz have discovered, unnoticed manipulation of the document is child's play for attackers. Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger and Jörg Schwenk will present the paper on their research work "Every Signature is Broken: On the Insecurity of Microsoft Office's OOXML Signatures" at the renowned IT security conference "Usenix Security Symposium". taking place from August 9th to 11th, 2023 in California, USA.
No reliable document integrity
"The goal of a digital signature is to confirm the integrity of a document," explains Simon Rohlmann, who now works at the Mainz University of Applied Sciences. For this purpose, on the one hand, a signature is generated on the basis of public-key algorithms with a private key, which can be checked on the other hand using a public key. The person who wants to send the document can thus protect it from subsequent external influences and still make it accessible to others. Thanks to the secure cryptographic process, the person who receives it can also be sure that the content of the document is valid.
However, the scientists have discovered a vulnerability that allows documents in Microsoft's Office Open XML (OOXML) to be easily manipulated: "We have recognized that documents are only partially signed. For example, you could add new content or hide signed content without anyone noticing,” explains Simon Rohlmann.
Five attack possibilities – Microsoft informs
The scientists have found a total of five attack options that are possible due to structural discrepancies in the Office system: The developers of the OOXML standard have apparently decided to only sign parts of the document package, according to the scientist. “This renders the digital signature on these documents virtually worthless. For example, an attacker could use signed documents to make attacks based on social engineering appear particularly trustworthy because the document contains a valid signature from a manager,” sums up Simon Rohlmann.
XML-based file formats that are affected by this have been used by Microsoft since 2007. Users usually recognize them by the suffix -X in the file name; file.docx or file.xlsx. Their main advantage is that they require little storage space thanks to compression technology and, in contrast to their predecessors, should actually offer more security.
Only four vulnerabilities are fixed
When the scientists first discovered the security gaps in 2022, they immediately informed Microsoft and the responsible standardization authority. However, the company did not immediately eliminate the problem, despite repeated contact from the researchers.
Since last month, only one of the five attack options, the Universal Signature Forgery (USF) attack, has been possible in the retail version of Microsoft Office 2021 (Version 2305 (Build 16501.20210)); all others have been fixed. "The attacks have not yet been fixed in the latest LTSC version of Microsoft Office 2021 (Version 2108 (Build 14332.20517))," says Rohlmann (as of Friday, June 16.6.2023, XNUMX).
The idea for researching this vulnerability is based on the success of another scientific work that the team from the Chair of Network and Data Security published in 2019: Here, the Bochum scientists were able to prove for the first time that bypassing digital signatures in PDF documents is not possible for many applications was noticed. Since then, the researchers have regularly devoted themselves to examining signatures, which are becoming more and more widespread in professional life or in an official context. However, Simon Rohlmann cannot estimate exactly how extensively the range of Microsoft Office signatures is used in this area.
The researchers have also published a corresponding white paper on the vulnerability.
Directly to the white paper at Usenix.org