Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
www.usenix.org /system/files/sec23summer_235-rohlmann-prepub.pdf
OOXML signatures are rendered pretty much useless due to 3 flaws in specification and 2 flaws in implementation.
"The vulnerabilities have been acknowledged by Microsoft. However, Microsoft has decided that the vulnerabilities do not require immediate attention."
0
comments