Newsletter Archives

• Two more evolving threats in Office: JavaScript functions in Excel and Payment Processing in Outlook

  Posted on May 11, 2018 at 10:48 CDT by woody • Comment in the Forums

  Microsoft’s Build 2018 was a snoozer if ever there was, but two new Office “features” stand out.

  Not because they’re good. Because they’re just begging for compromise.

  Computerworld Woody on Windows.

  Office Patches/Security Build, JavaScript, Payment Processing

• JavaScript equations coming to Excel. What on earth are they thinking?

  Posted on May 9, 2018 at 13:28 CDT by woody • Comment in the Forums

  I was going to let this one fly by, but I just can’t.

  If you’re in the Office Insider program, you can now use custom functions in Excel that are written in… my sweet lord… JavaScript.

  The Office Dev Center describes the functions thusly:

  Custom functions (similar to user-defined functions, or UDFs), enable developers to add any JavaScript function to Excel using an add-in. Users can then access custom functions like any other native function in Excel (such as =SUM()). … Custom functions are now available in Developer Preview on Windows, Mac, and Excel Online.

  My jaw dropped when I heard that in the aftermath of a Build presentation yesterday. In fact, I figured I heard it wrong. But no.

  What’s wrong with making JavaScript available as an in-the-sheet programming language? As Lawrence Abrams at BleepingComputer notes, “within hours” a security researcher, Chase Dardaman, figured out a way to put the CoinHive in-browser JavaScript miner inside a spreadsheet.

  As if 25 years of macro malware wasn’t enough.

  Office Patches/Security Excel, JavaScript

• Consider a non-Windows OS for email security

  Posted on July 24, 2017 at 03:27 CDT by Kirsty • Comment in the Forums

  In closing a recent ComputerWorld.com post, Michael Horowitz concluded:

  “If you read email on a Windows computer, do yourself a favor and use a different operating system, at least for email.”

  The article was discussing Windows Scripting Host (WSH), JavaScript and VBScript malicious files, which have been associated with recent malware via emails.

  WSH can execute scripts written in many programming languages. Out of the box, it does JScript and VBScript but other languages, such as Perl and Python, can also be installed.

  Michael details how to disable the WSH component, and to have any such attachments to open in Notepad, which changes them from being script files. You can find the details here.

  Windows Patches/Security JavaScript, malware, VBScript, WSH

• Microsoft Security Advisory 4022344 plugs a bad hole in Windows Defender – here’s how to see if you got it

  Posted on May 9, 2017 at 07:22 CDT by woody • Comment in the Forums

  InfoWorld Woody on Windows

  I’m particularly interested in nailing down the Windows Update service’s interaction with Defender updates. See the comments.

  Fahmida Rashid has a great overview of the problem and its solution, in InfoWorld Tech Watch.

  Windows Patches/Security JavaScript, SA 4022344