There are three issues primarily. First, OOXML uses partial signatures, so not every file gets checked. Second, the rendering flow allows unsigned content to be added to files, and third, handling cryptographic verification for digital signatures is overly complicated.
The team say it reported the findings to Microsoft, OnlyOffice, and to the relevant standards committee,Microsoft, they claim, acknowledged the findings and awarded a bug bounty, but"has decided that the vulnerabilities do not require immediate attention." And the researchers say they've not heard from OnlyOffice since October, 2022.
"Digital signatures should at least achieve the information security goals of integrity and authenticity," he said. Rohlmann said he could not say how common signed OOXML documents may be."Signed documents are mainly used by companies and governments, and are mostly used internally, so we do not have any clear information on this," he said."However, I estimate that the distribution of signed PDF documents is probably significantly higher than signed OOXML documents."
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Rishi Sunak turns on Boris Johnson over honours list\n\t\t\tGet local insights from Lisbon to Moscow with an unrivalled network of journalists across Europe,\n\t\t\texpert analysis, our dedicated ‘Brussels Briefing’ newsletter. Customise your myFT page to track\n\t\t\tthe countries of your choice.\n\t\t
Source: FT - 🏆 113. / 51 Read more »
Source: thelincolnite - 🏆 121. / 51 Read more »
Argentina turns to IMF in last-ditch bid to stave off devaluation\n\t\t\tExpert insights, analysis and smart data help you cut through the noise to spot trends,\n\t\t\trisks and opportunities.\n\t\t\n\t\tJoin over 300,000 Finance professionals who already subscribe to the FT.
Source: FT - 🏆 113. / 51 Read more »
Source: talkSPORT - 🏆 91. / 53 Read more »