The Document Foundation has released a major security update for free office software LibreOffice, which helps protect against macro viruses. If you're running a version of LibreOffice older than 6.2.5, you should upgrade to the latest version (opens in new tab) now.
Macro viruses are commonly spread in office documents, and begin a series of actions when the document is opened. As The Register (opens in new tab) reports, unpatched versions of LibreOffice, three vulnerabilities meant is was possible for certain macros to run silently when you opened a document without giving you the opportunity to stop anything suspicious.
- Check out our ultimate guide to the best free office software
- We've also rounded up the best antivirus software
- Microsoft Office vs LibreOffice: everything you need to know
The vulnerabilities involved a feature called LibreLogo (opens in new tab), which is designed for teaching programming. By typing commands using the simple Logo (opens in new tab) programming language, you can control a 'turtle' graphic and move it around the document. It's a fun introduction to coding, but led to a chain of problems.
The first issue was that the Logo commands were converted to the Python (opens in new tab) language without proper safety checks to make sure nothing malicious got through. The second was that all of LibreOffice's built-in macros were flagged as 'fully trusted' regardless of your chosen security settings – including LibreLogo, which is optional but installed by default). The third and final problem was that LibreLogo sent arbitrary Python code in the document to be interpreted – not just explicitly typed commands.
Keep your PC secure
Together, these three vulnerabilities meant that if you received a document containing malicious Python code, it would run automatically when you opened it without asking for confirmation.
Files carrying a macro virus are often sent as email attachments, so always be skeptical of any attachments you aren't expecting, even if they look benign and are a file type you recognize.
LibreOffice should be set to check for updates automatically by default, but you can check your settings by clicking Tools > Options > LibreOffice > Online Update. Here, you can also select whether the software should check for updates daily, weekly, monthly, or whenever you're connected to the internet.
When an update is available, an icon will appear in the menu bar. The update will begin downloading straight away if automatic updates are enabled; if not, you'll need to click it to start the process.
- Check out our guide to the best free anti-malware software