by nofilter 3058 days ago
I know this must be a stupid question to ask, but why does a document writing tool need security updates? Can someone hack in and write documents on your behalf?
3 comments

Macros are the really obvious one. But generally you need security patches any time you are running untrusted content from the internet. What happens if a malicious document overflows a buffer and gains code execution?

This is a particularly big concern with Word since its data format is essentially a direct binary copy of its memory structures.

https://www.joelonsoftware.com/2008/02/19/why-are-the-micros...

That's mostly the old DOC, XLS, etc. which is a binary file format. DOCX, XLSX, etc. are XML-based, I believe?

But yeah, to the parent of yours, Office has a lot of features for embedding and triggering dynamic content, and people are constantly finding creative new ways to infect Office files. Security updates for Office are as critical as security updates for your PC.

That answer should be no. However, there have been exploits that allow installation of malware by opening a malicious document [1].

[1]: https://arstechnica.com/information-technology/2017/04/booby...

One fear would be that someone could craft a malicious .docx file that can do any number of things - install keyloggers or adware or ransomware.