No Fix for Word Next 'Patch Tuesday' 80
Sktea writes "A spokesman for Microsoft has said that they will issue no patches on the next 'Patch Tuesday' for versions of Word vulnerable to the recent zero-day threat. There is no mention whatsoever of the omission in the latest advance notification at the company's security site." From the article: "The software maker is working on a security update, but apparently needs more time. The company did not specify how many flaws Tuesday's updates will address or in which components of Windows the holes lie. The Visual Studio update could offer a patch for a zero-day vulnerability in the developer tools that was made public last month. "
Does this mean a new catch phrase? (Score:5, Funny)
Re: (Score:2, Insightful)
Re: (Score:3, Insightful)
Believe it or not, there exists a non-trivial percentage of end users who seek out and pay for software upgrades that provide new features. I, for one, eagerly await Adobe Photoshop CS3. Some of us are not so cheap and actually have specific needs and desires for improved productivity and functionality.
Then, of course, there's also corporate IT. That'
Re: (Score:2)
Re:Does this mean a new catch phrase? (Score:5, Insightful)
Re: (Score:2, Insightful)
Re: (Score:1)
You paid for the thing, transaction is done. If the product is faulty under warranty (2 years where I live), demand a refund or accept to use a broken piece of something. If hit unknowingly, sue for damages.
Re:Does this mean a new catch phrase? (Score:4, Funny)
They don't have time to patch (Score:5, Insightful)
Re: (Score:2)
Tom
Re: (Score:2)
Re: (Score:2)
Let's narrow the fire bombing down a bit. What's the zipcode of 1 Microsoft Way?
Tom
Re: (Score:2)
Re: (Score:1)
How handy!
Re: (Score:2)
I'm inclined to think they would, considering how much faster the Wii is selling than the Xbox 360.
Re: (Score:2)
Re:They don't have time to patch (Score:4, Insightful)
Exactly. Who cares about existing users in markets they already control, who are addicted to you and will stay with you forever? After all, when you have to spend all of this time throwing chairs about, f**king killing Google, figuring out ways to steal Apple's successful online music business out from under them, and scheming to keep those Linux guys from getting anywhere, you can't be focused on such silly things as customer support. No siree! Win, win, win! That's what I always say!
But... (Score:2, Interesting)
Re: (Score:2)
No it doesn't. Here's the text. Read it carefully. It's very complicated:
Do not open or save Word files [the part you conveniently left out]that you receive from un-trusted or that are received unexpected from trusted sources.
Got it? I hope so. This suggestion is ALWAYS true, regardless of whatever known bugs there may be in existence at the time.
Re:But... (Score:5, Insightful)
"Expected" is the tricky word there. Most people who receive Word docs in the course of work expect their normal, trusted sources to send them documents that are themselves somewhat new, newsworthy, you know, containing information that's worth sending. A doc that's totally expected probably didn't need to be sent.
Let's say you're the editor of a newsletter or magazine. You expect docs from a few score people who occassionally submit stuff. You expect them to show up with e-mails that say, "Hi George, Here it is!" The bad guys can easily fake that stuff - and often do - but you're a normal editor, not a security expert, so you give the normal English reading to "receive unexpected," and this stuff all looks like stuff you expected, so you open it....
What Microsoft should say is, "Don't open any attached docs without phoning the source first and specifically confirming the file." As it is, they're saying just enough to cover their ass ("We warned you!"), without saying enough to enable the typical user to really practice safe Word use.
Re: (Score:1)
Sir, I commend your use of capitalization here. However, with Google's default case insensitivity, I bet your message ends up as a result of some pretty interesting searches.
(-1) Did not actually read advisory (Score:2)
Before talking about the solution, why not go read the advisory [microsoft.com] first?
From TFAdvistory:
Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.
Let me translate for you: Do not open random word documents downloaded from unknown sources because they could be infected. If somebody sends you an email with a document you weren't expecting or without any context (ie su
Re: (Score:2, Interesting)
Re: (Score:2, Interesting)
Re: (Score:2)
A wise man sends his resumes and letters as
Re: (Score:2)
That depends on the job. If it's a job for a technical position, ask the applicant to send you their resume as a PDF instead.
If the originator has a virus that sends out infected docs, they'll get your request and say, "huh?". If the originator did send the resume, but it's infected, the PDF won't be (or at least your PDF reader probably won't have the vulnerability). If the originator can't figure out how to do create a PDF, you probably don't want to hire them into a technical position ;-) If it's a
(-1) Did not actually read posting (Score:2)
The response was to indicate that Microsoft did not in fact say "do not open any MS word document". I'm not saying the bug is not bad/annoying/reason to switch to Linux, but saying that the grandparent didn't read the advisory and was spreading the usual misinformation that just happens to sound good to most people here.
Re: (Score:1)
I've always found that "Mentions you!" does the trick.
Re: (Score:2)
Right. If I wanted to take advantage of an exploit, I'd make sure I infected files that were about to sent and were to expected. Not sure how I would be able to tell those files, but still - perhaps prefer n
Re:uninsightful (Score:4, Funny)
Re: (Score:2, Funny)
obligatory
Re: (Score:2)
The point implied was that since everyone in fact does use Word, the it is not cool. You see the play on words there? You see what he did? He said the opposite of what he meant. That is called sarcasm. But I'm sure you don't need me to tell you that.
Popeye (Score:3, Funny)
Re: (Score:1)
Re: (Score:1)
Ok, bad guys, you heard 'em: they need more time!! (Score:3, Funny)
So be nice and give 'em a few extra days to come up with some patches (it's the sporting thing to do!!) After all, all that innovation makes it tough to respond quickly to threats to their legacy apps!!
Re:Ok, bad guys, you heard 'em: they need more tim (Score:2)
So be nice and give 'em a few extra days to come up with some patches (it's the sporting thing to do!!) After all, all that innovation makes it tough to respond quickly to threats to their legacy apps!!
I understand the irony of your comment, but it is true. While the OpenOffice.org team might be able to come up with a patch to their word processor in a day (even in spite the amazing amount of innovation they do to make sure their office suite of applications looks and functions nothing like the competition) they don't have to worry much about things like backwards compatibility. So what if some small part of OOo breaks? I doubt they have thousands of test cases to run to ensure that it remains compati
Re: (Score:1)
Re: (Score:1)
word 2000 documents open fine in word 2003. If word 2003 docs opened perfectly in word 2000, how would microsoft ever get you to upgrade?
Re: (Score:2)
Actually, I started to craft a clever but sarcastic response to this statement (in keeping with my clever but sarcastic personality) and I realized there's really quite a bit of difference between the two versions of Word (not actually being a Word user myself -- I just don't have much use for a word processor most of the time -- I consider Excel to be the single most powerful application Microsoft sells; I
Open Office...Star Office (Score:2)
I personally am glad that I don't use Microsoft for my Office needs.
Word 2007 (Score:2)
Heh heh heh. Did I just imply a conspiracy? No really. That would be totally stupid, unethical, immoral...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re:Word 2007 (Score:4, Interesting)
Re: (Score:2)
Shucks (Score:3, Funny)
And why should they? The devs are still trying to finish Twilight Princess on the Wii, goshdarnit. Leave them be! The users can last without opening any attachments from anybody for a little while longer, right?
I'm not at all surprised or unhappy (Score:2, Insightful)
Re: (Score:3, Funny)
Typed: ", the world isn't perfect."
Corrected ", Word isn't perfect."
Re: (Score:2)
Spoken as: ", the world isn't perfect."
Written as: "Dear aunt, let's set so double the killer delete select all"
Re: (Score:1)
Typo Notification Post
Typed: "Typo Notifaction Post"
Corrected: "Typo Notification Post"
Re: (Score:2)
Re: (Score:1)
Dude! You missed the perfect pun! Let me help:
I'd prefer it wasn't there to begin with, but hey, the word isn't perfect.
Why would they? (Score:4, Interesting)
My first thought leads me to ask, why would there be any mention of bug fixes that are not included in a patch cluster's content notification? Why would any company specifically call out features that are not being provided in a particular software distribution, in circumstances other than the discovery of a clear and consistent workaround (aside from the standard "temporarily avoid use of [software x]")?
The situation of miscellaneous zero-day exploits must be embarrassing enough already; I couldn't imagine them calling even more attention to it. "Hey, guess what we're not fixing next week. Check it out!"
Here's how we get it fixed. (Score:4, Funny)
To:
There, much better. I guarantee Microsoft will release a patch *immediately*.
So Is Everybody Using NotePad or What? (Score:2, Informative)
I talked to a friend whose corporate computer was infested by spyware that planted porno on his system. He paid the blackmail for the antispyware to remove it. A month later he de-installed the antispyware and guess what - the porno returned.
Re: (Score:1)
". . .uh, er, . . . it must've been that dang spyware again! I swear!"
Re: (Score:1)
Good question!
Just this week Slashdot just reminded me of LibraryThing, so I signed up and turned my bookshelf into a big mess. I found one old (which is to say, early 1990s) book about desktop publishing.
And what that book has to say about word processing?
"The editors of your publication can use any word processor they want", it said.
How are other IT departments dealing with this? (Score:1)
Re: (Score:1)
A swift kick in the pants (Score:1)
meanwhile, firefox... (Score:1, Offtopic)
Re: (Score:2)
(disclaimer: i'm not a windows
mein gott in himmel (Score:1)
"There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."
I can't contain language on this one: When the fuck wil MS take their prodcuts off the market and just go away?