While never fully lifting the export restrictions on cryptographic products, the export control restrictions became mostly nonexistent by 2000. However, Microsoft continued using weak encryption for several more years in Office XP and 2003. These versions of Microsoft Office use Office 97 encryption and hashing by default. As a result, most Office XP and Office 2003 documents can be decrypted in a matter of seconds with Elcomsoft Advanced Office Recovery using Thunder Tables.
Microsoft Office files can be password-protected in order to prevent tampering and ensure data integrity. But password-protected documents from earlier versions of Office are susceptible to having their hashes extracted with a simple program called office2john. Those extracted hashes can then be cracked using John the Ripper and Hashcat.
In regards to this specific attack, using Microsoft Office 2016 or 2019 documents or newer may not be effective, since office2john is designed to work on earlier versions of Office. However, as you can see above, Office 2016 may very well spit out a 2013 document without the user even knowing, so it doesn't mean a "new" file can't be cracked. Plus, there are still plenty of older Microsoft Office documents floating around out there, and some organizations continue to use these older versions, making this attack still very feasible today.
Today, we learned that password-protected Microsoft Office files are not quite as secure as one would be led to believe. We used a tool called office2john to extract the hash of a DOCX file, and then cracked that hash using John the Ripper and Hashcat. These types of files are still commonly used today, so if you come across one that has a password on it, rest easy knowing that there is a way to crack it. 2b1af7f3a8