Microsoft Issues Zero-Day Attack Alert For Word

0xbl00d writes "Eweek.com is reporting a new Microsoft Word zero-day attack underway. Microsoft issued a security advisory to acknowledge the unpatched flaw, which affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. Simply opening a Word document will launch the exploit. There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."

  • by Anonymous Coward on Tuesday December 05, 2006 @10:58PM (#17123614)
  • by Tsu Dho Nimh ( 663417 ) <abacaxiNO@SPAMhotmail.com> on Tuesday December 05, 2006 @11:00PM (#17123640)
    In the meantime, download and use OpenOffice [openoffice.org]
  • Misleading summary (Score:4, Informative)

    by 2cv ( 651583 ) on Tuesday December 05, 2006 @11:04PM (#17123696)
    The Security Advisory doesn't say not to open any DOC files. It says:
    Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources. This vulnerability could be exploited when a user opens a file.
    I wish sometimes I could mod article summaries...

    2cv
  • by Somegeek ( 624100 ) on Tuesday December 05, 2006 @11:05PM (#17123704)
    Hey, I like to bash Microsoft as much as the next guy, but there is a pretty bad rewrite going on here.

    Microsoft DOES NOT suggest that

    users 'not open or save Word files,' even from trusted sources."
    as stated in the summary.

    What they do say is :

    Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources.

    That is nothing more than standard precautions that one should take anyway. If you aren't expecting an attachment, don't open it. If you are expecting it, and it is from a trusted source, go ahead.

    Nothing to see here, move along...

  • Blurb slightly-FUD (Score:3, Informative)

    by Repton ( 60818 ) on Tuesday December 05, 2006 @11:06PM (#17123722) Homepage

    The actual quote from the Microsoft page is:

    Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file.

    If you send an email to Fred saying "Can you send me xxxx", and Fred replies, saying "Here it is", you can probably safely open the attachment. You should just exercise caution when Fred sends you an email out of the blue saying "Hey, read this would you?".

  • by beavis88 ( 25983 ) on Tuesday December 05, 2006 @11:08PM (#17123738)
    And typical me not reading TF security advisory before posting. The actual wording from Microsoft is:

    Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.
  • Re:zero day (Score:3, Informative)

    by kcbanner ( 929309 ) on Tuesday December 05, 2006 @11:09PM (#17123750) Homepage Journal
    It means an exploit there is no patch for! It's the zeroth day that they know about it :P
  • Re:zero day (Score:4, Informative)

    by DebateG ( 1001165 ) on Tuesday December 05, 2006 @11:18PM (#17123830)
    Zero day [wikipedia.org]: At the time the details of the exploit are published (or the patch is released), there already is an active exploit being circulated. I guess if you don't know exactly when the exploit was released it's a technically "less than or equal to zero-day" exploit, but that doesn't sound as sexy.
  • Re:zero day (Score:5, Informative)

    by LarsG ( 31008 ) on Tuesday December 05, 2006 @11:19PM (#17123836) Journal
    It means that there is a working exploit out there in the wild, which is using a vulnerability that was previously unknown to the security community / the software maker. That is, there was zero days warning.
  • Re:zero day (Score:3, Informative)

    by nine-times ( 778537 ) <nine.times@gmail.com> on Tuesday December 05, 2006 @11:20PM (#17123864) Homepage
    A simple search [wikipedia.org] would turn up the answer. It basically means there's no warning, and no time to prepare. The exploit's existence is made public the same day as the flaw's existence.
  • OMG OFFICE SUCKS (Score:1, Informative)

    by darkzeroman ( 939170 ) on Tuesday December 05, 2006 @11:21PM (#17123882)
    Why don't you just RTFA? It clearly says "Recommendation: Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources." But instead of reading, people are just too busy typing "OMG OFFICE SUCKS(etc)" or "OPENOFFICE is the BEST". Sidenote: Currently using 2007 Standard Trial, and liking it.
  • by Anonymous Coward on Tuesday December 05, 2006 @11:29PM (#17123978)
    That's a lot more than two words. Perhaps you should have used the preview button?
  • Re:Zero-day? (Score:3, Informative)

    by Tharkban ( 877186 ) on Tuesday December 05, 2006 @11:41PM (#17124088) Homepage Journal
    I thought Zero-day referred to the first day that a vulnerability is publicly available. Start counting up from there. I've seen it used in every possible way though. Sometimes I gather people are referring to the day the patch was issued. Wikipedia doesn't really clear it up http://en.wikipedia.org/wiki/Zero_day [wikipedia.org]
  • by PsychicX ( 866028 ) on Tuesday December 05, 2006 @11:49PM (#17124164)
    The Slashdot summary is deceptive (probably deliberately). From TFA:
    Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.
    The point is that there is a danger that a trojan on someone else's machine could start spreading infected Word files inside a corporation, or just amongst friends. Note furthermore:
    The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
    Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
    It can't be triggered automatically, and limited accounts (like every Vista system) will be largely unaffected. (Because exploits will usually try to root the box or install something, both of which will be prevented.)

    Also observe that Office 2007 isn't affected. Obviously MS is doing something right in the next generation of their products.
  • by MrLint ( 519792 ) on Tuesday December 05, 2006 @11:55PM (#17124224) Journal
    Office for MacOS X has 2 versions: v.X (10.x) and 2004 (11.x)

    There is no 'Microsoft Word 2004 v. X for Mac'
  • by gnarvaez ( 856674 ) on Wednesday December 06, 2006 @12:05AM (#17124320)
    Yes, it would. For the Mac there is Neooffice (neooffice.org). While it is not as fast as using the Microsoft products, it is fast enough and does not seem to crash as often (I hate using Word with documents that have more than a couple of footnotes, tables, etc. Almost always Office will crash... been through all the checks on fonts, etc. Office is a crappy product. What I would like to see is an update of FrameMaker for the Mac, come on Adobe, you know it is a good product if only you were to maintain it properly and give it a current GUI... or release it to the open software community).

  • by bunions ( 970377 ) on Wednesday December 06, 2006 @12:16AM (#17124424)
    sure. and the EWeek article says

    > Microsoft suggests that users "not open or save Word files," even from trusted sources.

    I'm sure you see how these are, in fact, different statements.
  • by poopdeville ( 841677 ) on Wednesday December 06, 2006 @12:29AM (#17124518)
    Eh, typesetting unsolicited LaTeX documents is a security risk. TeX is a Turing complete language, and the tex engine has read/write access to the filesystem. It just happens to be an unlikely vector for attack.
  • by mikael ( 484 ) on Wednesday December 06, 2006 @12:44AM (#17124664)
    how on earth can someone code so sloppily that a WORD PROCESSOR has a serious security exploit?!

    The usual reason - a local buffer created from the stack set to a fixed size. ie.

    char cbuf[MAX_BUFFER];

    I would guess that the Microsoft Word document file will be arranged using a chunk data format:
    file header followed by object headers with type, version, length, followed by binary data for that object
    In this way, unknown chunks can just be skipped over.

    It would be no surprise that each programmer coding a particular object (formula, table) would assume that only
    they would be the only one writing read/write routines for their particular object, and choose to use a local stack
    buffer to store the raw binary data, before converting it to the internal data structure.

    When reading the document, they would just read the header as normal (type,version,length), then read the specified
    amount of object data without checking the validity of the length.

    And it only takes one programmer to make this mistake in order to create a security vulnerability that compromises
    the entire application. Get the right type of data in the Word document, and you could theoretically load and execute
    some executable code stored in the file.
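
The length validation the comment above says is skipped, as an added example that is not part of the original post and not Microsoft's code. The 8-byte header layout (type, version, length, little-endian) and the sample byte arrays are assumptions constructed for illustration, following the commenter's guess at a chunk format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BUFFER 64  /* fixed-size stack buffer, as in the comment above */
#define HDR_SIZE   8   /* assumed header: type(2) version(2) length(4), little-endian */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk all chunks; return how many were accepted, or -1 if the file is malformed. */
int parse_chunks(const uint8_t *file, size_t file_len) {
    char cbuf[MAX_BUFFER];
    size_t off = 0;
    int count = 0;
    while (off < file_len) {
        if (file_len - off < HDR_SIZE) return -1;   /* truncated header */
        uint32_t len = rd_le32(file + off + 4);
        off += HDR_SIZE;
        /* The flawed reader copies `len` bytes into cbuf at this point,
           trusting the header. These two checks are what it omits. */
        if (len > sizeof cbuf) return -1;           /* would overrun cbuf */
        if (len > file_len - off) return -1;        /* would read past the file */
        memcpy(cbuf, file + off, len);              /* now bounded on both sides */
        /* ... convert cbuf to the internal data structure here ... */
        off += len;
        count++;
    }
    return count;
}

/* Constructed sample inputs (not real Word data). */
static const uint8_t GOOD[] = {            /* two chunks: 3-byte payload, empty payload */
    1,0, 1,0, 3,0,0,0, 'a','b','c',  2,0, 1,0, 0,0,0,0 };
static const uint8_t OVERSIZE[] = {        /* header claims 0x1000 bytes */
    1,0, 1,0, 0x00,0x10,0,0, 'x','y' };
static const uint8_t TRUNCATED[] = {       /* claims 16 bytes, only 2 present */
    1,0, 1,0, 16,0,0,0, 'x','y' };

int main(void) {
    printf("good=%d oversize=%d truncated=%d\n",
           parse_chunks(GOOD, sizeof GOOD),
           parse_chunks(OVERSIZE, sizeof OVERSIZE),
           parse_chunks(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```

This sketch rejects any chunk larger than the scratch buffer; a parser that must accept large objects would allocate or stream the payload instead of using a fixed stack buffer.
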
  • by l2718 ( 514756 ) on Wednesday December 06, 2006 @02:09AM (#17125208)
    What GP was mad about is not that user processes can have bugs, but that user processes could be in a position to threaten the stability of the operating system. He's wrong about the nature of the threat we're talking about here, but that's a separate point.
  • Re:Latex? (Score:3, Informative)

    by RemovableBait ( 885871 ) * <slashdot&blockavoid,co,uk> on Wednesday December 06, 2006 @08:00AM (#17127052) Homepage
    If you're on the Mac too, then TeXShop [uoregon.edu] is a pretty decent GUI for LaTeX documents. It's universal, open-source (GPL), and ties in with MacTeX and Aqua.
  • by Futurepower(R) ( 558542 ) on Wednesday December 06, 2006 @08:04AM (#17127092) Homepage
    Here is a message we sent to customers. Links were added for posting on Slashdot:

    Everyone,

    Don't use Microsoft Word. Use Open Office instead. This advice remains effective until Microsoft releases a patch, and it is installed.

    Microsoft just issued a security advisory [microsoft.com] warning people not to open Microsoft Word documents unless they have the latest version of Microsoft Word, which was just released, and costs [microsoft.com] $329 for the upgrade, or $679 for the most powerful full version.

    On the security advisory web page the relevant parts are buried in sections that aren't visible unless you click on them:

    "Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file."

    "We recommend that customers exercise extreme caution when they accept file transfers [files] from both known and unknown sources."

    The vulnerability is being actively used to infect users' computers. That's the meaning of the phrase "zero-day" attack in the first sentence of the advisory. None of the anti-virus software vendors have made signatures for this attack yet [eweek.com], which means that anti-virus software CANNOT protect against an attack.

    The reason Microsoft says to "exercise extreme caution" with files received "from both known and unknown sources", is that no one, not even computer consultants, can know whether a source can be trusted, since the anti-virus vendors have not yet made a method of detection for this vulnerability.

    Michael
  • by WillAdams ( 45638 ) on Wednesday December 06, 2006 @09:36AM (#17127940) Homepage
    Rather than VI and LaTeX, you may find LyX more comfortable. It's more word-processor-like, but w/ an interesting and innovative concept, it's a ``What You See Is What You Mean'' _Document_ Processor.

    http://www.lyx.org/ [lyx.org]

    Then, once it's done you can export to LaTeX and hack at things to your heart's content.

    William
  • by ThinkFr33ly ( 902481 ) on Wednesday December 06, 2006 @11:45AM (#17130222)
    ... without spreading FUD along with it. Microsoft did *not* say you shouldn't open documents "even from trusted sources". They said [microsoft.com]:

    Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file.
  • by lahvak ( 69490 ) on Wednesday December 06, 2006 @02:51PM (#17134174) Homepage Journal
    I don't use a word processor, I use LaTeX, which seems to have much better layout rules than any version of Word I have seen. The document I am working on is around 200 pages. Compiling it (including invoking gnuplot to draw a load of graphs, pulling in a few code files and syntax highlighting them, constructing an index and bibliography, and making sure all cross-references are correct) takes 7 seconds of wall time on my current laptop, and most of that is time spent waiting for I/O.

    Since the original topic of this discussion was security vulnerabilities, let me note this: I hope you realize that in order to run gnuplot, makeindex, bibtex and who knows what else directly from LaTeX, which is what you seem to be doing based on your description (unless you use some sort of makefile based solution), you must most certainly have \write18 enabled on your TeX installation, which is a major security hole. It gives TeX a shell access, and can execute any code embedded in a tex file or hidden in a package or a cls file.

    Don't get me wrong, I love TeX, use TeX for all my document processing needs, and wouldn't touch Word with a 15.5 ft pole, and have \write18 enabled on all my TeX installations, because it just makes things so much easier. I just wanted to point out that as far as security goes, maybe we shouldn't be so smug when comparing to Word. Quality of output, sure, easiness and speed of document creation, definitely, in these areas we win without breaking a sweat, but we do have our own security problems.

    By the way, the smalltalk based system you are talking about sure sounds interesting.
