Microsoft Issues Zero-Day Attack Alert For Word 483
0xbl00d writes "Eweek.com is reporting a new Microsoft Word zero-day attack underway. Microsoft issued a security advisory to acknowledge the unpatched flaw, which affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. Simply opening a word document will launch the exploit. There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."
what about OO.org? (Score:5, Insightful)
A Smarter Choice (Score:2, Insightful)
Re:Lets see... (Score:2, Insightful)
Re:Now might be a good time to try ... (Score:5, Insightful)
Yes! Great idea! Just trust all of your internal documents to a random third party company with no privacy guarantees. But hey, at least they've made a vague "Do no evil" promise!!1!
Re:Article Summary is Flamebait (Score:5, Insightful)
Really? I get documents that I'm not expecting all the time. I never have any fears opening Latex documents from anybody. You Microsoft folks sure have funny security.
Comment removed (Score:4, Insightful)
Zero-day? (Score:2, Insightful)
Re:Blurb slightly-FUD (Score:2, Insightful)
Re:Microsoft Recommends.. (Score:4, Insightful)
Re:Now might be a good time to try ... (Score:5, Insightful)
Not that I'm suggesting Microsoft engineered it, mind... but it might not be as bad for them as seems initially
Re:Microsoft Recommends.. (Score:2, Insightful)
Obviously Microsoft is updating their old programs to have exploits that their new ones don't. And before you say prove it, you prove they are not. Microsoft keeps its source code closed. They release updates these days like crazy. It would be a simple task for them to align their old products to be vulnerable and, of course, insure their new product is not vulnerable to some zero-day exploit that comes along just as they need some reason to tout their shiny new product.
Why are Word documents able to get infected like this? Why does the infection affect so many old Microsoft products (and ones currently in use) but not the next version of these products Microsoft just released? You attribute it to improved security. I attribute it to an improvement in marketing ploys by a company known for doing anything it takes to get you locked into their product.
What is the real solution Microsoft is suggesting? Don't open Word documents or upgrade to Office 2007. It is as simple as that. And much more than probably deliberate.
Re:Microsoft Recommends.. (Score:5, Insightful)
Maybe the notion of writing all my papers in HTML wasn't so insane after all... no more of these archaic "pages", and it would certainly be a more reliable way of turning in assignments than e-mail attachments. Take care of a formatting stylesheet once, and from there on it's just using the <p> tag to full appropriateness.
The problem is... (Score:2, Insightful)
Re:Microsoft Recommends.. (Score:5, Insightful)
It's probably closer to the mark than "receive unexpectedly". If someone in a corporation became infected, and they infect documents on a shared network location -- game over. Other users don't have to "receive" it via a classic-email virus, but rather they just have to go about their daily business. You touched on this yourself, and it is why this does basically mean "there be dragons" for all word files in corporations.
Phew! Now that we know that the burgeoning community of Vista users will be "largely unaffected", we're safe! That comprises the set that downloaded and installed the RTM from MSDN, so at a minimum, around an installed base comparable to QNX.
In any case, "largely unaffected" is more deceptive than the Slashdot summary (which came right from Cnet) -- the risk of compromises nowadays are seldom that they'll reconfigure your drivers or repartition your drive, thus requiring admin rights (when was the last time a virus was actually maliciously destructive in such a manner?), but rather that they'll compromise data integrity/security. If Bob is a normal user, but he's in HR and thus has rights to HR information, then so does an exploit running as Bob the unprivileged numbers-monkey.
But the POINT is they WON'T stop it. (Score:3, Insightful)
And what do you do about the exploits already mailed to you, before the firewall suppliers figure out signatures and put them in place?
And if they don't successfully design signatures to catch ALL exploits of the flaw, what do you do about later stuff that exploits the flaw differently, and arrives in the window before signatures for THAT exploit are developed.
And so on.
Reactive anti-malware firewalls and filters will always have vulnerability windows between exploit and update and will usually have multiple windows per vulnerability - because updates are triggered by exploits and signatures tend to be tuned to exploits rather than flaws.
Flaw-fixing has a window of vulnerability too, but only one (if it's done correctly).
Re:Microsoft Recommends.. (Score:5, Insightful)
As for being hardly affected, it simply says LESS affected. What's to prevent the trojan from taking over your Outlook client and using it to send spam and propagate itself to everyone you know as well. Doesn't take root to do that, nor countless other things.
FUD police (Score:3, Insightful)
The quote in the summary was from TFA and was correct.
Your guidance is wrong. "Probably" means more likely than not. According to Microsoft's own statistics Fred's XP workstation is "probably" a rooted, keylogging spambot zombie. His files safe? Get real.
On the other hand, your machine is "probably" exploited already too, so why not just give up? Everyone else has. It's not like anybody wants to read your boring data anyway, right? Besides, what are we to do? If we can't use Office, we might as well give up and go home. We can just keep clicking away those popups until the machine slows down so much it won't function at all and then Ted from IT will fix it. You didn't really like google anyway -- that targeted search assistant is so much better at finding just the right thing. It's like it knows you.
Never mind.
Re:Work-Around = OpenOffice (Score:4, Insightful)
Re:Looks like a long work day tomorrow (Score:4, Insightful)
Then maybe OO.org devs should learn how to write proper C++ code. It doesn't have to be that way. And if you think that CLASS INHERITANCE is the only reason to use C++, then you don't know C++.
Re:Microsoft Recommends.. (Score:4, Insightful)
(Serious non-flaming post ahead so don't mark me troll before at least reading!)
Putting aside your Microsoft fanboy attitude of 'oh just buy the next version and all will be well!' lets look at this objectively. And for the sake of being kind I wont go into details of how painful this will be for business in general; Sticking to the simple points will do just find to point out how horrible this is.
> Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.
Now you sound new to the world of tech as you haven't been embittered against Microsoft so I'll give you a break on this one. End users have two types of authentication; 'This looks shiny' *click* and 'Oh I know this person' *click*. So in reality the summary is an effective warning and really if some one in a business gets a document saying AccountsNov06.doc who is to say it is expected or unexpected - some one sent you the accounts and a nice little social engineering spiel to lure you to the click. Yes boss, three bags full boss.
> The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
> It can't be triggered automatically, and limited accounts (like every Vista system) will be largely unaffected. (Because exploits will usually try to root the box or install something, both of which will be prevented.)
See previous post about *clicky*. If you boss tells you to deal with AccountsNov06.doc then you deal with AccountsNov06.doc and that usually, if I'm not mistaken, involves opening it for a start. Also largely unaffected; what does that really mean? There will be a box come up saying 'Click me like you usually do as I get in the way of every simple task' because let me tell you as a system administrator even I started clicking them without thinking after two hours of testing Vista. Finally on this topic users who have limited accounts is a joke - even with your AD locking down almost all of the system most places still allow execution of applications and scripts which may have decent root kitting abilities that bypass user rights - only high schools and net cafes go the whole nine yards.
And lastly you have the gem of saying Microsoft is great because their next product line isn't affected. I think the parent to this post addressed this point perfectly with the following:
> You mean like not releasing them yet?
Which points out the flaw in your argument very nicely. Still it is worth expanding for those unfamiliar with Office 2k7 in that a) it implements a new XML document format which has nothing to do with
Either way before you mouth off at Slashdot consider the topic and its implications to users and business first; there are many real Slashdot exaggerations that are stabs at Microsoft and this isn't one of them. Some times it is apt to say that Microsoft really did drop the ball.
Re:Microsoft Recommends.. (Score:5, Insightful)
A broken lock is a broken lock even if no one takes advantage of that fact.
Re:Microsoft Recommends.. (Score:4, Insightful)
You want LaTeX. If you're running KDE, you can't beat Kile [sourceforge.net] as an editor.
Re:Now might be a good time to try ... (Score:3, Insightful)
Yes, your Sarcasm is well placed. Yet another reason not to use Microsoft products!
Oh, you meant Google, not Microsoft! Ah, well, this -- at least -- is something you'll have to wait for hell to freeze over before you get from Microsoft...
Re:Microsoft Recommends.. (Score:4, Insightful)
Given the choice between random sub-second hangs and random crashes with occassional virus infection, I'll take the former any day. Besides, modern VMs compile everything to machine code prior to execution (JIT), so there shouldn't be any significant speed penalty to them - and there isn't, as far as I can tell.
I guess they'll be seeing a lot of exploits in the future too, then.
Re:can you not grasp the headline? (Score:3, Insightful)
No it isn't. How old are you? Have you ever worked in anything other than McDonalds? Company Confidentiality is essential for running a business. It's also a legal requirement in the case of HR records. Uploading particualar records to Google would breach numerous laws and could get you closed down.
Legal issues aside, it's well known that Google do analysis of their data. Do you really want a bot crawling over your companies secrets? What if your business is something that overlaps with one of Google's products?
Do Google provide an SLA? Do you even know what an SLA is? What if the site's down, do you just send everyone home for the day? What's their privacy policy? Data safeguards? Encryption? Backups? Version control?
The rest of your post is equally nonsensical. What does the warranty provided with Microsoft Word have to do with corporate mismanagement and it's possible effects on the western economy? Next you'll be telling me it was Microsoft that invaded Poland.
Re:Microsoft Recommends.. (Score:4, Insightful)
Also it is nice that you have time and the interest to educate your clients and I commend you (please assume no sarcasm in that line). Unfortunately as per a generalisation I do not believe your case is common and then of no important to the claim. Also many sys admins are in the added disadvantage that those who break the system are equal to them in standing and prefer to run their own affairs as they are 'grown ups who can tell the difference between right and wrong'...And seriously what can you say against that? While I will say they are pre-school children when it comes to computer based personal authentication I would never say it to their faces as they simply wouldn't understand the context and scope it was meant in. You may reply that I'm not giving my users enough credit...Though that is another argument which I'm not going to go into.
Note that our users also contact us when they are in doubt...Though it is rare that a doubtful response comes back from their 'friend' or 'shiny' assessment of a seemingly (to them) authentic email.
Re:Microsoft Recommends.. (Score:4, Insightful)
Yes, you absolutely did. There are no exploits running around in the wild affecting Macs. You can't cite a single real-world example. Not a single one.
What you conveniently leave out when you cited the long-ago debunked Mac mini hack is that the Mac was previously configured to give anyone an account who requested one, including full SSH access to poke around. Even the readers at Digg tore this one apart. Hardly the typical situation.
Absolutely correct. None of them are being exploited at all.
And yet nobody's exploiting it, because OS X's security prevents access. Next.
Which should tell you just how "urgent" it was to fix something that wasn't really a problem in the first place.
Lies, lies, and more lies. 100% false in every way imaginable.
Uh, they do post security bulletins.
Ah, the old "false sense of security" canard, despite the fact THERE IS NOT A SINGLE EXPLOIT RUNNING IN THE WILD THAT IS INTRUDING ON A SINGLE MAC. You can't cite a single one. Go for it.
Do you have any other skewed, sliced-and-diced "facts" you want to post that I can debunk? Any articles you want to cite without revealing the full situation behind them? Clearly, you have some chip on your shoulder against Macs, but your shortcomings don't change the fact that there is not a single trojan or virus running the wild for Macs. Not one.
Next.