Microsoft Issues Zero-Day Attack Alert For Word
Posted by
kdawson
on Tue Dec 05, 2006 10:51 PM
from the incoming dept.
0xbl00d writes "Eweek.com is reporting a new Microsoft Word zero-day attack underway. Microsoft issued a security advisory to acknowledge the unpatched flaw, which affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. Simply opening a Word document will launch the exploit. There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."
Related Stories
No Fix for Word Next 'Patch Tuesday' 80 comments
Sktea writes "A spokesman for Microsoft has said that they will issue no patches on the next 'Patch Tuesday' for versions of Word vulnerable to the recent zero-day threat. There is no mention whatsoever of the omission in the latest advance notification at the company's security site." From the article: "The software maker is working on a security update, but apparently needs more time. The company did not specify how many flaws Tuesday's updates will address or in which components of Windows the holes lie. The Visual Studio update could offer a patch for a zero-day vulnerability in the developer tools that was made public last month."
Technology: Patch Tuesday — IE7 Clean 75 comments
jginspace writes "As per the advance notification, Microsoft's monthly security bulletin, released yesterday, addressed five general Windows issues and one in Visual Studio. It also included a fix for a problem in Outlook Express for a total of seven updates. As patch Tuesdays go it was fairly unremarkable. The only general Windows update labeled 'critical' is for a flaw in Media Player. As usual, there's a cumulative update for Internet Explorer, but significantly, the only versions of IE affected are 5 and 6. Version 7 is clean — which is welcome news in this first update since the upgrade was pushed to the world last month. Microsoft was silent on the two zero-day Word holes, one reported here and a new one. Sans is calling this 'Black Tuesday' and recommends patches be applied urgently for the Visual Studio and Media Player vulnerabilities. Sans is recommending the Heise Offline Update utility covered in a previous story."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Microsoft Recommends.. (Score:5, Funny)
Now might be a good time to try ... (Score:5, Informative)
Parent
Re:Now might be a good time to try ... (Score:5, Insightful)
Yes! Great idea! Just trust all of your internal documents to a random third party company with no privacy guarantees. But hey, at least they've made a vague "Do no evil" promise!!1!
Parent
Re:Now might be a good time to try ... (Score:5, Insightful)
Not that I'm suggesting Microsoft engineered it, mind... but it might not be as bad for them as seems initially
Parent
Re:Microsoft Recommends.. (Score:5, Funny)
Parent
Re:Microsoft Recommends.. (Score:5, Funny)
Parent
Re:Microsoft Recommends.. (Score:5, Insightful)
Maybe the notion of writing all my papers in HTML wasn't so insane after all... no more of these archaic "pages", and it would certainly be a more reliable way of turning in assignments than e-mail attachments. Take care of a formatting stylesheet once, and from there on it's just using the <p> tag to full appropriateness.
Parent
Re:Microsoft Recommends.. (Score:5, Informative)
The usual reason - a local buffer created from the stack set to a fixed size, i.e.
char cbuf[MAX_BUFFER];
I would guess that the Microsoft Word document file will be arranged using a chunk data format:
file header followed by object headers with type, version, length, followed by binary data for that object
In this way, unknown chunks can just be skipped over.
It would be no surprise that each programmer coding a particular object (formula, table) would assume that only
they would be the only one writing read/write routines for their particular object, and choose to use a local stack
buffer to store the raw binary data, before converting it to the internal data structure.
When reading the document, they would just read the header as normal (type,version,length), then read the specified
amount of object data without checking the validity of the length.
And it only takes one programmer to make this mistake in order to create a security vulnerability that compromises
the entire application. Get the right type of data in the Word document, and you could theoretically load and execute
some executable code stored in the file.
Parent
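The reader the comment above describes, sketched in C as an added example that is not part of the original comment. The header layout (2-byte type, 2-byte version, 4-byte little-endian length), `TYPE_TABLE` and the sample bytes are assumptions made up for illustration, not the real Word file format. `read_object_unchecked` shows the mistake; `read_chunks` checks the length against both the remaining file bytes and the stack buffer before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_BUFFER 16   /* fixed-size stack buffer, as in the comment */
#define HDR_LEN    8    /* assumed header: type(2) version(2) length(4) */
#define TYPE_TABLE 1    /* hypothetical object type this reader knows */
enum { ERR_TRUNCATED = -1, ERR_TOO_LARGE = -2 };

static uint32_t rd32(const uint8_t *p) {   /* little-endian 32-bit read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* The mistake: the length field from the file is trusted as-is. */
void read_object_unchecked(const uint8_t *chunk) {
    char cbuf[MAX_BUFFER];
    memcpy(cbuf, chunk + HDR_LEN, rd32(chunk + 4)); /* can write past cbuf */
}

/* Checked reader: returns the number of known objects read, or an error. */
int read_chunks(const uint8_t *file, size_t size) {
    size_t off = 0;
    int parsed = 0;
    while (off < size) {
        if (size - off < HDR_LEN) return ERR_TRUNCATED;
        uint16_t type = (uint16_t)(file[off] | file[off + 1] << 8);
        uint32_t len = rd32(file + off + 4);
        off += HDR_LEN;
        if (len > size - off) return ERR_TRUNCATED;  /* runs past end of file */
        if (type == TYPE_TABLE) {
            char cbuf[MAX_BUFFER];
            if (len > sizeof cbuf) return ERR_TOO_LARGE; /* would overflow cbuf */
            memcpy(cbuf, file + off, len);
            parsed++;  /* conversion to the internal structure would go here */
        }
        off += len;    /* unknown chunk types are skipped by their length */
    }
    return parsed;
}

/* Constructed samples: table + unknown chunk; length past EOF; length > cbuf. */
const uint8_t sample_ok[]    = { 1,0, 1,0, 4,0,0,0, 'a','b','c','d',
                                 9,0, 1,0, 2,0,0,0, 0,0 };
const uint8_t sample_bad[]   = { 1,0, 1,0, 0x00,0x10,0,0, 'a','b','c','d' };
const uint8_t sample_big[28] = { 1,0, 1,0, 20,0,0,0 };

int main(void) {
    return !(read_chunks(sample_ok, sizeof sample_ok) == 1 &&
             read_chunks(sample_big, sizeof sample_big) == ERR_TOO_LARGE);
}
```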
Re:Microsoft Recommends.. (Score:5, Insightful)
It's probably closer to the mark than "receive unexpectedly". If someone in a corporation became infected, and they infect documents on a shared network location -- game over. Other users don't have to "receive" it via a classic-email virus, but rather they just have to go about their daily business. You touched on this yourself, and it is why this does basically mean "there be dragons" for all word files in corporations.
Phew! Now that we know that the burgeoning community of Vista users will be "largely unaffected", we're safe! That comprises the set that downloaded and installed the RTM from MSDN, so at a minimum, around an installed base comparable to QNX.
In any case, "largely unaffected" is more deceptive than the Slashdot summary (which came right from Cnet) -- the risk of compromises nowadays is seldom that they'll reconfigure your drivers or repartition your drive, thus requiring admin rights (when was the last time a virus was actually maliciously destructive in such a manner?), but rather that they'll compromise data integrity/security. If Bob is a normal user, but he's in HR and thus has rights to HR information, then so does an exploit running as Bob the unprivileged numbers-monkey.
Parent
Re:Microsoft Recommends.. (Score:5, Insightful)
As for being hardly affected, it simply says LESS affected. What's to prevent the trojan from taking over your Outlook client and using it to send spam and propagate itself to everyone you know as well? Doesn't take root to do that, nor countless other things.
Parent
Looks like a long work day tomorrow (Score:5, Funny)
Oh, wait - I don't do anything anyway and my life revolves around Excel.
Nevermind.
Re:Looks like a long work day tomorrow (Score:5, Funny)
very alone
Parent
Re:Looks like a long work day tomorrow (Score:5, Funny)
Parent
Let's see... (Score:5, Funny)
So let me get this straight... For the time being the only safe Word files are new files that other people don't need to open?
But hey, you saved a ton of money on retraining costs.
what about OO.org? (Score:5, Insightful)
Work-Around = OpenOffice (Score:5, Informative)
Just to be safe.. (Score:5, Funny)
Oh, great! (Score:5, Funny)
Yet ANOTHER feature Word has that OpenOffice doesn't. :(
This aughta make FINALS more interesting... (Score:5, Funny)
My final project for the semester is attached as a Word document. If you have any problems reading it, please let me know. Me and everyone else in your address book.
Don't have to worry about grading it. By the time you read this, I will have used the root-kit to grade it myself.
Nice porn, by the way! You dog! We'll make this our little secret.
love,
toodles
Exercise caution... (Score:5, Funny)
we're all going to die.... (Score:5, Funny)
Re:Article Summary is Flamebait (Score:5, Insightful)
Really? I get documents that I'm not expecting all the time. I never have any fears opening LaTeX documents from anybody. You Microsoft folks sure have funny security.
Parent
Re:Article Summary is Flamebait (Score:5, Funny)
Parent
Re:zero day (Score:5, Informative)
Parent
Re:Bah, typical bullshit non-edited craptastic blu (Score:5, Funny)
Parent