Security Stop-Press : Office Open XML Signatures Have Security Flaws

Written by: Paul |

Researchers from Ruhr University Bochum in Germany have reported that the Office Open XML (OOXML) Signatures, an Ecma/ISO standard used in Microsoft Office applications and open source OnlyOffice, have security flaws that could allow attackers to modify the content in signed documents, while the signatures are still displayed as valid. The researchers have informed Microsoft and proposed countermeasures to prevent such issues in the future which Microsoft is reported to have acknowledged and to have awarded the researchers with a bug bounty.