
> I have Office 2010 on an old computer. While it lacks some modern features of Microsoft 365 (for example, Office 2010 is much, much faster), it still works seamlessly with any files I create in 365. And I only had to pay, once, about the same amount that Microsoft is charging for a year's use of the same suite in the present day.

You really shouldn't be running an unpatched office suite. While it's not as dangerous as running an unpatched browser, there are occasional 1-click RCEs that show up, which means opening any sort of untrusted docx/xlsx file is like playing Russian roulette.

https://msrc.microsoft.com/update-guide filter for "office"




> untrusted docx/xlsx file

Contrary to what the propaganda wants you to think, I suspect the majority of people who have the brain to oppose are not opening every file that's sent to them by strangers.


The "majority" of people probably aren't clicking on untrusted links either, but we still advise people to keep their browsers up to date. Many people also need to open .docx files from strangers because it's part of their profession/business. Small business owners need to read RFPs and pay invoices, and jobseekers might need to open a questionnaire from a potential employer, all of which could be in .docx. The sender doesn't even have to be malicious. It's possible for one person, who's used to opening untrusted documents on a regular basis (e.g. recruiter), to get infected, and for the malware to infect other documents that person sends to others (e.g. finance).


That’s more of an issue with the network security then?

And even if computers didn’t exist, it still would make no sense to assume every single person is competent 100% of the time… at any company. Human beings are fallible, and that has to be factored in.


> You really shouldn't be running an unpatched office suite.

Is there any "patched" office suite up there? Microsoft was never famous for its security and Google is of "ship it first, fix it later" and "extend the attack surface as much as possible" philosophy.


Huh, there must be(tm) a scanner for malware for these files. I know they're XML, although I wonder how much of it ends up being base64-encoded binary blobs...
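
Added example, not part of any comment in this thread: .docx/.xlsx files are ZIP containers of XML parts, and payloads such as macro projects or embedded objects are stored as separate binary parts rather than as base64 inside the XML. This Python triage inventories a container without opening it in Office; the marker list, the size limit and the sample file are assumptions constructed for illustration, and the output is an inventory for review, not a malware verdict.

```python
import io
import re
import zipfile

# Part-name markers for binary payloads (assumed list, not exhaustive).
RISKY = {
    "vbaProject.bin": "VBA macro project",
    "/embeddings/": "embedded OLE object or file",
    "/activeX/": "ActiveX control",
}
EXTERNAL = re.compile(rb'<Relationship\b[^>]*TargetMode="External"[^>]*>')
TARGET = re.compile(rb'\bTarget="([^"]*)"')
MAX_PART = 1_000_000  # do not inflate oversized parts (zip-bomb guard)

def triage(data: bytes) -> dict:
    """Inventory an OOXML container: XML vs binary bytes, risky parts, external links."""
    report = {"xml_bytes": 0, "binary_bytes": 0, "findings": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            name = info.filename
            is_xml = name.endswith((".xml", ".rels"))
            report["xml_bytes" if is_xml else "binary_bytes"] += info.file_size
            for marker, label in RISKY.items():
                if marker in "/" + name:
                    report["findings"].append((name, label))
            # External targets include ordinary hyperlinks; review each target.
            if name.endswith(".rels") and info.file_size <= MAX_PART:
                for rel in EXTERNAL.findall(z.read(name)):
                    m = TARGET.search(rel)
                    target = m.group(1).decode(errors="replace") if m else "?"
                    report["findings"].append((name, "external target: " + target))
    return report

def build_sample() -> bytes:
    """Constructed sample: a minimal docx-like ZIP, not a valid Word document."""
    rel = ('<Relationships><Relationship Id="rId1" '
           'Type="http://schemas.openxmlformats.org/officeDocument/2006/'
           'relationships/attachedTemplate" '
           'Target="https://example.invalid/t.dotm" TargetMode="External"/>'
           '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00" * 64)
        z.writestr("word/_rels/settings.xml.rels", rel)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample()))
```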



