
Microsoft Office

Channels
Security, Products


Microsoft released a security update to Office 2016 Mac, version 16.13. This version makes it mandatory that you share diagnostic data with Microsoft. You can select the extent to which you wish to share but you cannot turn it off as you could in earlier versions. If you have already updated and wish to downgrade to 16.12 you can do so by trashing the applications you wish to downgrade and running the 16.12 installer which can be found at

https://support.office.com/en-us/article/update-history-for-office-2016-for-mac-700cab62-0d67-4f23-947b-3686cb1a8eb7#bkmk_history

If you are downgrading Outlook read this information for downgrading to version 15 which includes special information for Outlook users.

https://support.office.com/en-us/article/how-to-go-back-to-office-2016-for-mac-15-xx-versions-from-16-xx-e88ed6c8-6fb4-40a1-9540-529000d3d20f
 


Microsoft released a security update to Office 2016 Mac, version 16.13. This version makes it mandatory that you share diagnostic data with Microsoft. You can select the extent to which you wish to share but you cannot turn it off as you could in earlier versions.
Wow! That's really naughty - well spotted. What is not clear is whether this diagnostic data is sent even if you have "Send personal information to Microsoft to make improvements to Office" unticked. I just updated and there was no warning that this change had taken effect when I relaunched the apps, so maybe data isn't sent with that setting unticked - it's just not clear. Not only that, if it does send data it defaults to the higher "Send full diagnostic data" setting! And, note that the setting is for each individual Microsoft Office application too.

Here's a picture of the preferences before (v16.12 or earlier):

Microsoft Office 2016 v16.12 Preferences

Here are the preferences after (v16.13 or later):

Microsoft Office 2016 v16.13 Preferences

You probably need to visit preferences in each Microsoft Office application (Word, Excel, PowerPoint and Outlook) and set them to the lower diagnostic data setting just in case.
 


Wow! That's really naughty - well spotted. What is not clear is whether this diagnostic data is sent even if you have "Send personal information to Microsoft to make improvements to Office" unticked. I just updated and there was no warning that this change had taken effect when I relaunched the apps, so maybe data isn't sent with that setting unticked - it's just not clear. Not only that, if it does send data it defaults to the higher "Send full diagnostic data" setting! And, note that the setting is for each individual Microsoft Office application too.

Here's a picture of the preferences before (v16.12 or earlier):

Microsoft Office 2016 v16.12 Preferences

Here are the preferences after (v16.13 or later):

Microsoft Office 2016 v16.13 Preferences

You probably need to visit preferences in each Microsoft Office application (Word, Excel, PowerPoint and Outlook) and set them to the lower diagnostic data setting just in case.
Wondering if anyone might know the correct settings to apply to Little Snitch to cut it off completely. In other words: keep the updates coming but, otherwise, stop it from calling the mothership.
 


Windows 10 "Enterprise" is supposed to enable the large users who get it as a matter of course to shut down telemetry. Apparently, not so much:

https://winaero.com/blog/even-with-telemetry-disabled-windows-10-sends-a-lot-of-info-back-to-microsoft/

On a recent security-focused podcast one participant noted that neither VPNs nor hosts block Win10 from phoning home, e.g.:

https://www.petri.com/windows-10-ignoring-hosts-file-specific-name-resolution

So I'd at least consider that "Office" on a Mac may have an ability to phone home around Little Snitch. If not, and a user opens Little Snitch to update, log files can be very small text files, accumulated for a bulk send.

MSFT is reported to have many domains not obviously owned by the company. Even if Windows didn't "end-run" the computer's hosts file, setting up a router to block all possible domains to which Win 10 can phone home would be difficult to impossible.

Primer: https://encrypt-the-planet.com/windows-10-anti-spy-host-file/

Again, that's Win 10. Office on a Mac may not be as persistent.

As I've commented before, the amount of bi-directional telemetry between a Mac and Apple is astonishing. We don't know what's going back to Apple. And MSFT telemetry is encrypted, so what's being phoned home is unknowable.

Tin-foil hat or not? This Czech site (translated by Google) claims some insight into what Win 10 phones home:
Link to "Windows 10 Analysis: In its principle, it is a mere terminal for collecting information about the user, his fingers, eyes and voice!"
 


Wondering if anyone might know the correct settings to apply to Little Snitch to cut it off completely. In other words: keep the updates coming but, otherwise, stop it from calling the mothership.
This thread is making me nervous and unsure of how to proceed.

I consult on economics for urban design and receive files and data for use in Excel for which I must agree to confidentiality, such as GIS files for the entire city, along with the tax records to identify patterns of land use and value. If Microsoft is secretly uploading data, how can I possibly agree to keep anything confidential? My Errors and Omissions insurance is void if I do not honor this responsibility.

So if I stay on the not-updated version can I know if it is phoning home? And if Microsoft has made it so phoning home cannot be stopped then I will have to throw away the software and go to Libre or another open source spreadsheet that can output in an Excel format, so that clients can use it and I can keep my insurance and liability protection.

Is this a correct analysis?
 



re: Telemetry

Here's the diagnostic data MSFT says it collects from Office in "Basic":
  • Connectivity and configuration data such as the version of Office in use; and the name, version, and publisher of any add-ins installed and being used in Office
  • Whether Office is ready for an update and if there are factors that may impede the ability to receive updates
  • Whether updates install successfully
  • Data about the reliability of the diagnostics collection system
  • Basic error reporting, which is health data about the Office programs running on your device; for example if a program such as Word hangs or crashes
Some sounds "harmless," yet we really don't know what it means. The language is broad enough that "connectivity data" might permit MSFT to look inside your Dropbox. Running a Tor Browser might so use your bandwidth to "impede" MSFT updates. Could "health data" include text on-screen if Word crashes?

For comparison, consider this straightforward language from Ubuntu about Apport, Ubuntu's bug tracking and diagnostic tool, disabled by default because:

"Apport collects potentially sensitive data, such as core dumps, stack traces, and log files. They can contain passwords, credit card numbers, serial numbers, and other private material..."

Link to Description of Apport
 


Just a data point:

Before I read this report, I had installed the Office update on one system but had not subsequently opened any Office app on that system.

When I opened Word for the first time after the update, I was presented with the dialog asking me to choose between basic and full diagnostic data. That dialog has a close-window button, which I clicked. The dialog closed, there was a spinning cursor for a few moments, and then Word went into the usual features screen it shows post-update.

I then looked at the preferences, and the "full diagnostic data" option was selected. So it apparently enables the behaviour even though I have never clicked on the "accept" button in the dialog that it tries to force you to click.

I haven't had time to try to work out whether the information sent back is covered by Australian privacy legislation. If it is, MS might have a problem on its hands for Australian users.
 


... I consult on economics for urban design and receive files and data for use in Excel for which I must agree to confidentiality, such as GIS files for the entire city, along with the tax records to identify patterns of land use and value. If Microsoft is secretly uploading data, how can I possibly agree to keep anything confidential?
Microsoft wouldn't dare upload the content of a document. If they did, the backlash would jeopardize their business. Of course, a user (or IT department) could choose to store documents in the cloud, including Microsoft's OneDrive. AFAIK, OneDrive is HIPAA-compliant - that means Microsoft cannot examine the content of any document stored in OneDrive.

It's an ongoing debate if it's ethical to upload usage statistics without the user's knowledge. It's certainly unethical to upload document content (with the exception of storing it in the cloud).
 


Microsoft wouldn't dare upload the content of a document. If they did, the backlash would jeopardize their business.
Maybe. From the Microsoft link provided above by Victor Leuci:
Enhanced error reporting, including the memory state of the device when program crash occurs (which may unintentionally contain parts of a file you were using when the problem occurred)
 


Microsoft wouldn't dare upload the content of a document. If they did, the backlash would jeopardize their business.
No, they won't explicitly upload your document, but if the app crashes and they upload its memory-image (e.g. a "core dump") at the time of the crash, then some or all of your document's content (possibly from several documents, including some you had already closed) will be in there.

Hence the reason for the two levels of diagnostic data. A full core dump is very beneficial to the developers trying to fix the problem, but it can contain proprietary data. So they give you the choice whether or not to include it (and other similar kinds of information) with the reporting.
 


Maybe. From the Microsoft link provided above by Victor Leuci: Enhanced error reporting, including the memory state of the device when program crash occurs (which may unintentionally contain parts of a file you were using when the problem occurred)
Thanks for pointing this out, I wasn't aware of this pitfall. This is part of the full diagnostic data but not the basic diagnostic data. In my opinion, everyone should choose Basic diagnostic data. Ideally, Microsoft should restore the option of not phoning home.

One of my clients has to be HIPAA-compliant. Clearly, I need to make sure Basic is turned on for every Mac and for every user.
 


The corporatese explanation of what "Basic" collects is too vague, and in any case recent experience with a variety of tech companies is too unsettling to allow Microsoft to get away with anything other than (1) default of no data slurping and (2) "diagnostic" data sending only when explicitly selected by the user, and only then when what is sent is not only explained, but a human-readable copy is available to the user.

My guess, given the timing of this "change," is that Microsoft has been slurping "full" information all along, and only the May 25 deadline for compliance with the EU's GDPR has prompted Microsoft to give the users a "choice" that is in fact no choice at all.
 




Agreed - and remember, you need to set this for each individual Office 2016 application!
Dear Microsoft: thanks for thinking this through before foisting it upon millions of users. To ensure that my HIPAA client remains compliant, I now have to set the preferences in all five apps for every user on 20 Macs. Some Macs have over a dozen users. Thanks again for your foresight.

I wrote a Bash script to automate fixing this draconian debacle ASAP. It loops through all the users on a Mac, checking for the five Office apps: Excel, OneNote, Outlook, PowerPoint, and Word. If the user has already run one of the Office apps, it uses "defaults write" to set the diagnostic to Basic. If the user hasn't run an app, the script copies a container containing the preference. This requires that one user has set the diagnostic preference to Basic in all Office apps (so all the Containers are present). The script checks to be sure the user who'll be copied from has been entered. Since I have an admin account on all my client's Macs, this makes it easy.

The script needs to be edited to enter a variable value, and it needs to be run as root. If you're not comfortable working with Terminal and the command line, I advise waiting to see what Microsoft does with next month's updates. I put the script on my web site at http://www.SamIsIT.com/pushofficebasicdiags2allusers.zip

Although I tested this on my Mac, I make no guarantees. If you can be patient, I'll be testing it at my client's on many Macs this coming weekend.
 


I put the script on my web site ...
I'm updating the script by adding more error checking. I'm adding another script that changes just the current user. Please forgive me: I'm commenting the code and writing a read-me. ;)

I'll post more after I've tested the multi-user script more thoroughly.
 


Just a data point:

Before I read this report, I had installed the Office update on one system but had not subsequently opened any Office app on that system.

When I opened Word for the first time after the update, I was presented with the dialog asking me to choose between basic and full diagnostic data. That dialog has a close-window button, which I clicked. The dialog closed, there was a spinning cursor for a few moments, and then Word went into the usual features screen it shows post-update.

I then looked at the preferences, and the "full diagnostic data" option was selected. So it apparently enables the behaviour even though I have never clicked on the "accept" button in the dialog that it tries to force you to click.

I haven't had time to try to work out whether the information sent back is covered by Australian privacy legislation. If it is, MS might have a problem on its hands for Australian users.
I too closed the window without clicking on "Accept," but upon re-opening each Office app the program would again request that I "Accept" the dialog. I reset the Basic option for each app and I did accept PowerPoint, but not the others. Upon re-opening PowerPoint, the message did not come up again; however, the other Office apps still are wanting me to accept the terms.
 


MHO, everyone should choose Basic diagnostic data. Ideally, Microsoft should restore the option of not phoning home.

One of my clients has to be HIPAA-compliant. Clearly, I need to make sure Basic is turned on for every Mac and for every user.
I have several rules in Little Snitch that prohibit data being transmitted to Microsoft. Big block. It doesn't seem to inhibit any functionality in Office.
 


When I first open each Office app I am asked to choose what level (basic or full) I want to choose. Here is the URL for their description of what they collect with each level:
When I open each Office app, I am given the same choice. I ignore the choices and click the red "close dialog box" button. The next time I launch the app, I get the same message.
Yes, this is annoying, but I haven't agreed to anything, so I can only assume that Microsoft isn't mining anything from me.
 


I have several rules in Little Snitch that prohibit data being transmitted to Microsoft. Big block. It doesn't seem to inhibit any functionality in Office.
A great solution, but one that won't work for my client. Non-savvy users who can't find an app that's not in their Dock will be bewildered when Little Snitch pops up a dialog. Auto-approving new rules wouldn't assure Microsoft couldn't phone home if they change their software. Little Snitch doesn't have global rules yet, so I'd have to configure one account and push its rules to the others.
 



Yesterday Microsoft released Office 16.13.1. Today (2018-05-24) they released a second Office 16.13.1. The release notes say:
Version: 16.13.1 (Build 18052304)

This release fixes an issue with diagnostic data settings.
I didn't install any of yesterday's 16.13.1 updates. I installed today's 16.13.1 Outlook update and checked the Send diagnostic data setting. It still has only Basic and Full with no ability to turn it off. I edited the .plist for Excel and removed the setting to see what today's Excel would do. It defaulted to sending full diagnostic data.

My takeaway is:
  • We still don't have a single Office-wide setting for sending diagnostic data.
  • We still can't turn sending diagnostic data off.
  • Office 2016 is still not HIPAA compliant since it defaults to sending full diagnostic data (which may include document content).
 


What’s the plist setting to change to basic? At least I can drop that into a login script across machines so we don’t need to change it manually.
 


What’s the plist setting to change to basic? At least I can drop that into a login script across machines so we don’t need to change it manually.
The key is DiagnosticDataTypePreference, the string value is "BasicDiagnosticData".

You may want to hold off writing a script. I posted that I've written two bash scripts to set the current user's prefs and another that will set all users' prefs. I'll be testing them tomorrow (Sunday May 27) at a client. Once I'm positive they work 100% on a different Mac I'll upload them and post here again.
 


My scripts are finished and have been tested on 20 Macs. There are two scripts which are run from the command line in Terminal. They're in a zip archive on my website at:

The ReadMe should explain what you need to do. (The original archive I posted a link for on May 22 has been deleted.)

The main script ensures that all users have "Send basic diagnostic data" set for all installed Office apps. Optionally, it will ensure that all users have Office's AutoUpdate set to check manually. This should prevent non-admin users from getting nagged to update Office.

Please let me know if you use these, so I can decide if it was worth the many hours of effort to make them easy to use and document the code.
 


My scripts are finished and have been tested on 20 Macs. There are two scripts which are run from the command line in Terminal. They're in a zip archive on my website at:
Thank you, Sam. I've added the information and link to your scripts to my MacStrategy article (Microsoft Office 2016 (365) FAQ) - hopefully, this will save people a lot of time.

In updating my article and checking information and links, I noticed that this diagnostic data debacle also applies to the Office apps for iOS, too, but strangely, not OneNote (Mac or iOS) - see "applies to" at Diagnostic data in Office.

Also the setting in the iOS app is worded differently - it says "Send personal information to Microsoft to make improvements to Office • You can opt out anytime by turning this setting off", which would indicate unticking.

"Send personal information to Microsoft to make improvements to Office" in the Mac apps Preferences means no data is sent at all. I really wish Microsoft would make this clear for their Mac apps.
 


... "Send personal information to Microsoft to make improvements to Office" in the Mac apps Preferences means no data is sent at all. ...
Graham: do you mean that when "Send personal information..." is unchecked the diagnostic data is not sent?

My understanding is that "Send personal information..." really means "Include personal information when sending diagnostic information."

FWIW: "Send personal information..." and "Send xxx diagnostic data .." are separated by a line in preference's Security and Privacy window.
 


Graham: do you mean that when "Send personal information..." is unchecked the diagnostic data is not sent?

My understanding is that "Send personal information..." really means "Include personal information when sending diagnostic information."

FWIW: "Send personal information..." and "Send xxx diagnostic data .." are separated by a line in preference's Security and Privacy window.
This is exactly my point - my understanding of the situation is the same as you. Microsoft do not make it clear.

"Send personal information..." and "Send xxx diagnostic data .." are separated by a line in Office for Mac Preference's Security & Privacy window. Also, regardless of whether you tick or untick the first option, the basic and full diagnostic data options are visible, not greyed out and selectable with radio buttons. User interface rules would therefore suggest they are separate things - but then, when has Microsoft ever followed interface/programming rules?

On iOS, in the Office for iOS app settings > Privacy > Help Us Improve section, these things are not separated and the wording includes "You can opt out anytime by turning this setting off", indicating that the two are linked and if you turn the main setting off, no data, including diagnostic data, will be sent to Microsoft. Albeit, again, this is not totally clear.

Personally, I would like to hope that they're linked in both the macOS and iOS apps, it's just bad wording/interface design, and that with the relevant main setting unticked/switched off, no data at all is sent back to Microsoft. But, in the meantime, until this is cleared up, the safest thing to do is set all diagnostic data settings to "basic" for all Office apps on macOS (all users/accounts) and on all iOS devices with the software installed.
 


My scripts are ... on my website at:
Sams_Scripts_To_Set_Office_Prefs ...
I found an unlikely edge-case issue when my script was launched in a way not listed in the ReadMe's instructions. The result was that Office's prefs had the wrong permissions, which made Office apps behave weirdly. If I unintentionally ran the script incorrectly while testing, it's safe to assume others may make the same mistake.

If you downloaded my scripts, please download them again. If you ran the script and had issues with any Office apps, download them and run them again.

I also changed the script to accept no parameters. This makes it even simpler to have a one-step fix for all users. Read the ReadMe for details.
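
Added example, not part of the posts above and not the poster's script: a read-only Python audit that walks every user's Office preference files and reports whether the `DiagnosticDataTypePreference` key named in the thread is set to `BasicDiagnosticData`, and whether the file's ownership and mode look sane. The bundle IDs, the sandbox container path layout and the permission check are assumptions, and the sample tree is constructed.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

KEY = "DiagnosticDataTypePreference"   # key given in the thread
BASIC = "BasicDiagnosticData"          # value given in the thread

# Assumptions (not from the thread): bundle IDs and the container layout.
BUNDLE_IDS = ("com.microsoft.Word", "com.microsoft.Excel",
              "com.microsoft.Powerpoint", "com.microsoft.Outlook",
              "com.microsoft.onenote.mac")


def pref_path(home, bundle_id):
    return (Path(home) / "Library" / "Containers" / bundle_id / "Data"
            / "Library" / "Preferences" / (bundle_id + ".plist"))


def read_state(plist):
    """Return never-run, unreadable, basic, unset, or other:<value>."""
    if not plist.is_file():
        return "never-run"              # no preference file for this app yet
    try:
        with plist.open("rb") as fh:
            prefs = plistlib.load(fh)   # handles XML and binary plists
    except (ValueError, OSError, ExpatError):
        return "unreadable"
    if not isinstance(prefs, dict) or KEY not in prefs:
        return "unset"                  # thread reports this falls back to full
    value = prefs[KEY]
    return "basic" if value == BASIC else "other:%s" % value


def perms_ok(plist, home):
    """Assumed check: file owned by the home's owner, who can read and write."""
    st = plist.stat()
    same_owner = st.st_uid == Path(home).stat().st_uid
    return same_owner and (st.st_mode & 0o600) == 0o600


def audit(users_root):
    """Map (user, bundle_id) -> (state, perms_ok or None) for each home."""
    report = {}
    for home in sorted(Path(users_root).iterdir()):
        if (not home.is_dir() or home.name.startswith(".")
                or home.name == "Shared"):
            continue
        for bundle_id in BUNDLE_IDS:
            plist = pref_path(home, bundle_id)
            ok = perms_ok(plist, home) if plist.is_file() else None
            report[(home.name, bundle_id)] = (read_state(plist), ok)
    return report


def needs_attention(report):
    """Entries not verifiably Basic, or with suspicious permissions."""
    return sorted(key for key, (state, ok) in report.items()
                  if state != "basic" or ok is False)


def build_sample_tree(root):
    """Constructed sample data: two users with mixed settings."""
    samples = {
        ("alice", "com.microsoft.Word"): ({KEY: BASIC}, 0o600),
        ("alice", "com.microsoft.Excel"): ({"OtherPref": 1}, 0o600),
        ("bob", "com.microsoft.Word"): ({KEY: "constructed-non-basic"}, 0o600),
        ("bob", "com.microsoft.Outlook"): ({KEY: BASIC}, 0o444),
    }
    for (user, bundle_id), (prefs, mode) in samples.items():
        plist = pref_path(Path(root) / user, bundle_id)
        plist.parent.mkdir(parents=True, exist_ok=True)
        with plist.open("wb") as fh:
            plistlib.dump(prefs, fh, fmt=plistlib.FMT_BINARY)
        plist.chmod(mode)
    (Path(root) / "Shared").mkdir(exist_ok=True)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for (user, bundle_id), (state, ok) in sorted(audit(tmp).items()):
            print(user, bundle_id, state, "perms_ok=%s" % ok)
```

On a real Mac, call `audit("/Users")` as root; recent macOS releases may also require Full Disk Access for the terminal to read other users' containers. The code only reads, so changes should still be applied with `defaults write` as described in the thread.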
 


Ric Ford

MacInTouch
This seems noteworthy:
John Leyden said:
Excel zero-day on macOS reloaded
Security researchers have renewed their warnings over a zero-day vulnerability impacting Microsoft Excel which may allow for the automatic and silent execution of embedded macros on macOS, in some scenarios.

The bug, which involves the processing of XLM macros (a legacy format) in SYmbolic LinK (Sylk) files, was originally discovered by Pieter Ceelen of Outflank, who went public with his findings after a presentation at the DerbyCon conference last year.

The security shortcoming was first demonstrated in Office 2011 for Mac.

Although the security flaw was recently found to impact all recent versions of Microsoft Office for macOS – rather than simply the long obsolete Office 2011 – the practical impact of the bug is still low due to a combination of application sandboxing and recent security enhancements found in macOS Catalina.
#security
 





Worth noting perhaps that, as of this 16.31 update, High Sierra 10.13 or above is now required. :-(
I noted the move to new requirements before and how this perpetuates forced obsolescence/updates/upgrades. And, this is now an interesting trap. If you're on Office 2019 v16.30 but running macOS 10.12 you now can't get Office security updates unless you upgrade your macOS (forced OS upgrade). However, if you had Office 2016 v16.16.16 (which runs on OS X 10.11 or later) you do get security updates. But there's no easy way back from Office 2019 to 2016, specifically for Outlook data (unless you have all its data in the cloud)! Nasty!
 



Ric Ford

MacInTouch
There is an app which has been around forever that does a stellar job of migrating stored email from virtually any format to any other format. Highly recommended:
Emailchemy.
I can also recommend this product, which successfully migrated my Eudora email to Thunderbird/Postbox. I wouldn't say it's quite perfect, as there were a few glitched emails in a huge conversion (and I'm not sure exactly why or how to recover/fix those emails), but I don't know of anything better, and there are several different ways of converting emails. (I only tried one.)
 


But there's no easy way back from Office 2019 to 2016, specifically for Outlook data (unless you have all its data in the cloud)! Nasty!
Microsoft has a support article about moving to Office 2016 for Mac from Office 2019 for Mac.


While the procedure is fairly straightforward for Excel, OneNote, PowerPoint, and Word, Graham is right to point out the challenge of moving from Outlook 2019 to Outlook 2016.

One thing to keep in mind is that Outlook manages more than just email messages; it also stores calendar entries, contacts, and other data.

If your data is stored on an Exchange server (including an Office 365 Exchange server), an IMAP server, or other supported cloud resource, like Google Calendar, it's not too much of a problem simply to start from scratch by connecting a clean Outlook 2016 installation to those cloud/server-based resources.

However, there are scenarios where data has been removed from servers and may only be available through your local Outlook profile. The biggest examples include POP mail messages and archived Exchange data. If you have any of those types of data, you'll need to take special care to ensure those types of data are preserved when migrating across Outlook versions.

Tools like Emailchemy can help migrate email messages, while contacts and calendar entries require other methods.

My hunch is that by far the easiest and best approach would be to export the Outlook 2019 data via OLM files (Microsoft's official Mac Outlook archive/export format) and to import the OLM files into Outlook 2016, assuming that the OLM formats are compatible. I suppose there may be some newer but relatively rarely used features that would fail to transfer.

FWIW, I just posted a question asking about importing Outlook 2019 OLM files into Outlook 2016 on the Microsoft support forums. We'll see whether there are any answers better than "upgrade to something newer than Sierra, you gray-bearded Luddite!"

PS. Evidently, Catalina 10.15.1 introduced some crashing problems with Word on "mid-2015 MacBook Pro laptops that are using a combination of a discrete Radeon graphics card and an onboard Intel Iris Pro card." The Word 16.31 November update includes a "temporary workaround" for the problem.
 


PS. Evidently, Catalina 10.15.1 introduced some crashing problems with Word on "mid-2015 MacBook Pro laptops that are using a combination of a discrete Radeon graphics card and an onboard Intel Iris Pro card." The Word 16.31 November update includes a "temporary workaround" for the problem.
Eek! I have one of those. Yet another reason to continue holding off on Catalina. Along with holding off on iOS 13, it's getting so you have to wait until just before they jump to the next OS before upgrading to the not latest and greatest....
 

