LibreOffice and OpenOffice updates required due to uncovered flaws

Upgrades have been pushed to address vulnerabilities that can be weaponized to let attackers manipulate documents

Updates are required as soon as possible. Earlier versions of LibreOffice and OpenOffice contain security flaws that pose a threat.

Flaws in productivity software can be used by malicious actors, so the maintainers have shipped a security update.[1] The flaw makes it possible to manipulate documents so that they appear to be digitally signed by a trusted source.[2] Digital signatures are used to verify that a document has not been altered and can be trusted.

These flaws are not high in severity, but the consequences can be serious once a flaw is exploited and signatures are forged on document macros. Signing an arbitrary document and faking its legitimacy is a way to trick users into allowing macros and running malicious code.[3]

  • CVE-2021-41830 / CVE-2021-25633. Content and macro manipulation with a double certificate attack.
  • CVE-2021-41831 / CVE-2021-25634. Timestamp manipulation with signature wrapping.
  • CVE-2021-41832 / CVE-2021-25635.[4] Content manipulation with a certificate validation attack.

If these flaws are exploited successfully, an attacker can alter the timestamp or the contents of a document and still have it pass as trustworthy. Attackers can inject other algorithms into these documents and sign them, suggesting that they have not been tampered with and were signed by a trusted party.

Weaknesses have been fixed with the newest versions

The CVE-2021-41832 flaw tracked in OpenOffice was disclosed by four researchers from the Ruhr University Bochum. The same flaw is tracked as CVE-2021-25635 in LibreOffice. Users of the open-source office suites should upgrade to the latest available versions right away to avoid any consequences. For OpenOffice, that means 4.1.10 or later, and for LibreOffice, 7.0.5, 7.1.1, or later.

These upgrades need to be done manually because the applications do not offer an auto-update feature. Download the latest versions from the respective download centers.[5][6] You can also disable the macro function[7] if updating is not possible. Avoid trusting any random documents with macros. If you are still running an older version, do not rely on the trusted list function. It is not a severe flaw, but malicious documents can appear to come from trusted sources.
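A triage sketch for the advice above, added here as an example and not code from LibreOffice, OpenOffice or this article: it lists the macro parts and signature parts of an ODF package by reading it as a ZIP archive, without opening it in the office suite. The function names and verdict strings are assumptions of this example, the sample package is constructed, and the paths follow the usual ODF package layout.

```python
import io
import zipfile

# Package paths used by ODF files as written by LibreOffice/OpenOffice.
MACRO_DIRS = ("Basic/", "Scripts/")
INDEX_FILES = ("script-lc.xml", "script-lb.xml")  # library indexes, not macro code
DOC_SIG = "META-INF/documentsignatures.xml"
MACRO_SIG = "META-INF/macrosignatures.xml"


def triage_odf(data: bytes) -> dict:
    """Inspect an ODF package as a ZIP archive; nothing in it is executed."""
    report = {"package": False, "macros": [], "doc_signed": False,
              "macros_signed": False, "verdict": "not-odf"}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return report
    if "mimetype" not in names:
        return report
    report["package"] = True
    report["macros"] = sorted(
        n for n in names
        if n.startswith(MACRO_DIRS) and not n.endswith("/")
        and n.rsplit("/", 1)[-1] not in INDEX_FILES)
    report["doc_signed"] = DOC_SIG in names
    report["macros_signed"] = MACRO_SIG in names
    if not report["macros"]:
        report["verdict"] = "no-macros"
    elif report["doc_signed"] or report["macros_signed"]:
        # A signature part only shows that a signature is claimed; on suite
        # versions older than the fixed releases that claim can be forged.
        report["verdict"] = "signed-macros-verify-on-patched-suite"
    else:
        report["verdict"] = "unsigned-macros"
    return report


def build_sample(parts: dict) -> bytes:
    """Constructed test input: a minimal ODF-like ZIP built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

The presence of a signature part is reported as a claim only; whether the signature is valid still has to be checked in a patched version of the suite.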

Malicious macros can easily get used by criminals

Macro malware is a threat type that can be hidden in Office files such as Word or Excel documents. These files are usually delivered in malicious email campaigns, attached to messages or packed inside ZIP files. They are common vectors for infections like ransomware because the payload can be triggered once macros are enabled in the document.

This type of malware has made a comeback, and identifying these threats has become very important since ransomware targets large businesses, companies, and everyday users. Phishing emails can easily carry these attachments, and the text of the email asks the recipient to open the document and view the sensitive content, which leads to the macro being run. This is the point where the malicious code injected into the VBA starts the infection.

When a macro has been set up to act maliciously and is included in a particular campaign, these are the signs that users can look out for and be suspicious of:

  • unknown senders;
  • random emails from unfamiliar or unrelated companies;
  • emails with details on unfamiliar purchases;
  • subject lines like “confidential”, “project”, “invoice”, “order details”;
  • documents with preview mode;
  • files with suspicious macro processes.

Apache had another vulnerability discovered recently.[8] That vulnerability could allow remote code execution by unauthorized actors once exploited. Regular upgrades of software and applications are always recommended, especially since many developers do not come forward with their own or third-party research findings.

About the author
Jake Doevan - Computer technology expert

Jake Doevan is one of the News Editors for 2-spyware.com. He graduated from Washington and Jefferson College, Communication and Journalism studies.
