The problem only affects Office 2013 thanks to its close integration with Office 365. To exploit the vulnerability, the attacker needs to get a user to click on a malicious Word document via a link in an email or on a website. Of course, we tech-savvy types know to avoid that sort of thing. But in a large organization you only need one employee to click on a document claiming to be a job application or a document for review, and your whole SharePoint archive is wide open.
PowerPoint, Excel and OneNote are vulnerable too, and you won’t be safe if you’re using SkyDrive Pro because under the skin it’s actually a SharePoint Online site.
Liran sums up, “The vulnerability we researched here and the security incident that used it is a bona fide Perfect Crime; a crime where the victim doesn’t know that he’s been hit; a crime where there’s no proof of any foul play anywhere; a crime where protecting yourself against it without being familiar with its modus operandi is next to impossible”.
“There was no malware payload to reverse-engineer. No file hash we can trace through time. No IP address to locate and investigate. No servers to confiscate. The attacker simply gets away with your Office 365 token. For good”.
The vulnerability was repaired in December’s Patch Tuesday round of updates, and Office 2013 users are urged to install the fix as soon as possible.