• bbutler67

Update LibreOffice And OpenOffice To Avoid Critical Security Risk

Do you use LibreOffice or OpenOffice? If so be aware that security updates have recently been issued due to the recent discovery of a major security flaw. This vulnerability allows an attacker to modify and manipulate documents so that it appears they have been signed by a trusted party.

Although the flaw that makes this possible has only been classified "Moderate" the reality is that the implications could be crippling. Digital signatures are used as a means of verifying that the document in question is from a trusted source. As such the ability to spoof those signatures could easily open the floodgates allowing attackers to do untold harm to any business using either Libre- or OpenOffice.

The OpenOffice flaw is being tracked as CVE-2021-41832 and the LibreOffice flaw is being tracked as CVE-2021-25635. For those who don't know LibreOffice is a fork of OpenOffice. An offshoot that was created decades ago. That means that this flaw has roots that run deep.

It should be noted that neither of these applications are auto-updating. That means that unless you're very good about checking for new versions on a regular basis the version you're currently using is probably out of date. Given the risks that these security flaws represent you should upgrade to the latest version as soon as possible.

If you are unable to upgrade whatever the reason a viable temporary solution would be to disable macros. Also note that if you are running an older version you shouldn't rely on the "trusted list" functionality. This is because an invalid signature algorithm could still make a laced document appear as it comes from a trusted source.

Kudos to the developers for quickly addressing these security issues. Again if you use either suite be sure you upgrade to the latest version as soon as possible.


At Dallas Network Services, we work with a large variety of businesses based in Dallas and Fort Worth (DFW) and the surrounding area such as Addison, Plano, Carrollton, Denton, Richardson, Garland and beyond. We also extend our reach outside the area to include all Texas and other states. We provide on premise server support including Microsoft Exchange as well as Cloud computing services and hosted solutions. We specialize project services, network support, desktop support and voice over IP (VoIP) business phones. Our fully managed IT services will improve your business reliability as well as your bottom line. Contact us today at www.dallasnetworkservices.com chat or call 214-696-6630. #DNS#dallasnetworkservices#techsupport#hacker#cybersecurity#MSP

2 views0 comments