Endpoint SWAT: Protect the Endpoint Community

 View Only

  • 1.  Making the case for upgrading MS Office

    Posted Sep 02, 2015 11:11 AM

    Hello all.  I am looking for any and all resources that support the argument towards convincing end users or organizations to upgrade from older unsupported versions of Micorosft Office to a current one that is still within support by Microsoft.  As an IT person I know how an unpatched product can be exploited so obviously EOSL products are unpatched and thus exploitable, but what I need here is 3rd party materials to provide to a customer so the argument can be made without it appearing that I am biased in the interest of forcing them to upgrade. 

     

    I've only just begun on this but for example I thought I had found a great answer in the Sandworm (MDropper) information, but as it turned out the exploit was patched with a Windows update, not an Office update thus useless for my argument. 

     

    I suppose I could identify all updates that have been released for Office from April 9 2014 onwards, and try to isolate on one of them that was widely exploited so there'd be some info material to draw from, but ugh, that's got time-consumption written all over it. 

     

    Anybody willing to point me down a shorter path? 



  • 2.  RE: Making the case for upgrading MS Office

    Posted Sep 02, 2015 11:14 AM
    Are you wanting something from a Symantec/SEP perspective or just in general?


  • 3.  RE: Making the case for upgrading MS Office

    Posted Sep 02, 2015 11:18 AM

    Here are the list of vulnerabilities for Office in detail:

    http://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-320/Microsoft-Office.html

    If cost is a factor, and it usually is, as well as work involved to perform the various upgrades then Office 365 may be a good solution as it is hosted but there is an annual fee based on the contract you get.  You never have to worry about upgrades or support as you will always have the latest and greatest as long as you are current on your contract.

    Macro viruses are making a comeback as well, older versions of Office do not have the security features built in that later ones do:

    http://www.theregister.co.uk/2014/07/08/macro_viruses_return_from_the_dead/

    https://products.office.com/en-us/business/compare-office-365-for-business-plans

    Hope this helps a bit.



  • 4.  RE: Making the case for upgrading MS Office

    Posted Sep 02, 2015 11:38 AM

    Any perspective is sufficient for this purpose though I'm always glad for when I can find something direct from Symantec, since my customer's are all SEP deployments with or without .cloud so it can be useful that way, as long as there isn't any vendor self-selling in there which Symatnec is very good at avoiding doing (at least in webcasts). 

     

     



  • 5.  RE: Making the case for upgrading MS Office

    Posted Sep 02, 2015 11:41 AM

    Thanks muydess!  This looks to be very good info.  I'll hope to gather more info via this thread but that is a great start, maybe even all that's needed perhaps once I get a chance to review it.  I'll wait until tomorrow to mark thread as solved just in case but again, thank you.