Researchers from Ruhr University Bochum have discovered five new attack vectors capable of tampering with genuinely signed Microsoft Office documents while the signatures still appear valid. The attack classes enable bad actors to change the content of signed documents whilst signatures remain intact. All versions of Microsoft Office were tested and found to be vulnerable. Surprisingly, researchers found that Microsoft Office on macOS indicated a document was signature-protected without validating the signature. The attack enables fraudsters to apply a signature taken from an arbitrary document and validate it using a trusted entity. Researchers called for countermeasures to tackle the issue. Microsoft has acknowledged the research findings and rewarded the team for its work.
https://www.usenix.org/conference/usenixsecurity23/presentation/rohlmann