Microsoft Office document files you download from the internet can harm your PC. Office files can contain dangerous macros, but macros aren’t the only risk. With new malware attacking PCs through dangerous Office documents that don’t even contain macros, keeping yourself safe in Office is just one of the security practices you should follow.
Stay In Protected View
When you download and open an Office document, it will open in “Protected View” by default. You’ll see a yellow banner message at the top of your screen warning you to stay in Protected View unless you need to edit the document. Protected View allows you to view—but not edit—the document. This helps protect your PC. You should only enable editing for a document if it’s from a source you trust.
For example, Protected View stops the current Dridex malware in its tracks. But, if you choose to enable editing, the dangerous Office document can use an exploit in Microsoft Office to attack your system.
You can manage your Protected View settings at File Options Trust Center Trust Center Settings Protected View. Ensure the “Protected View” options here are enabled.
Don’t Enable Macros
You shouldn’t run macros unless you’re sure they’re from a trusted source. Macros are dangerous because they’re basically just programs embedded into Office documents. Most dangerous Office files in the past have used macros to attack computers.
If you do end up opening an office document that contains a macro and you enabling editing, you’ll see a second “SECURITY WARNING” message informing you that “Macros have been disabled.” You should not enable macros for the document unless you absolutely trust the source, are sure the document is fine, and actually need to enable its macros for some reason
The badly named “Enable Content” button actually enables macros in the current document, which could put your PC at risk if those macros do something dangerous.
You can manage your macro security settings at File Options Trust Center Trust Center Settings Macro Settings.
The default option is “Disable all macros with notification”, which will prevent macros from running and display that yellow banner notification. You can select “Disable all macros without notification” to disable all macros and never show you a notification, if you like.
Keep Office Updated
It’s important to keep Microsoft Office updated, just as you should keep your operating system, web browser, and PDF reader updated. Office applications have been a popular target over the years, and Microsoft regularly issues patches to fix security holes.
The “Give me updates for other Microsoft products when I update Windows” option in Windows Update on Windows 7, 8, and 10 makes Windows Update install updates for your installed Microsoft Office applications, too. Just keep this option enabled, install updates from Windows Update regularly, and your Office applications will be kept up-to-date.
Note that Microsoft is only supporting Office 2010, Office 2013, Office 2016, and Office 365 with security updates. Office 2007 and earlier are no longer supported. Microsoft supports each version of Office for 10 years.
On a Mac, open an Office application and click Help Check for Updates to check for and install the latest updates. Select “Automatically Download and Install” here and the Microsoft AutoUpdate tool will automatically update your Office applications.
Open Risky Documents in Another Application
If there’s an Office document you want to view or edit and you’re worried about opening it, you can always open the document in another application.
For example, you could upload the file to Microsoft OneDrive and open it in Office Online. Or, you could upload the document to your Google Drive account and open it in Google Docs. These are both web applications that run in your web browser, so files you open in this way won’t be able to use exploits in Office’s desktop applications.
The take away from all this is really to keep Office up to date, and don’t enable editing or macros for any documents you don’t trust. Office’s default security settings block these features for a reason.