Word Vulnerability Compromised US State Dept.
hf256 writes "Apparently hackers using an undisclosed (at the time) vulnerability compromised the State Department's network using a Word document sent as an email attachment. Investigators found multiple instances of infection, informed Microsoft, then had to sever internet connectivity to avoid leaking too much data!"
Re:Microsoft Logic (Score:4, Informative)
How the **** is this insightful? (Score:4, Informative)
Are you implying that is not the case with Windows??? A quick look in Task Manager shows some system processes running as your user account, some as "LOCAL SERVICE", some as "NETWORK SERVICE" (both restricted accounts), and some as "SYSTEM" (=root). And a quick look at top on my Linux box sure doesn't show "almost all" services running as unique users.
And sure, it's up to the administrator to configure it so the user account is not an administrator, but I've never seen a government system where a domain user account has local admin rights.
In the specific case of this vulnerability, the Word document was able to run arbitrary executable code as the current user. This presumably allowed access to network shares, and then sending the data back out (via HTTP most likely). That sort of thing would be possible with any operating system.
The only area you are correct in is that on Linux the flaw could be patched quicker... But in a large organization, it likely could still be preferable to block the exploit with IDS/firewall rules than by rolling out a client patch...
Re:Scary (Score:5, Informative)
Such a thing is rather complex, and probably not pre-existing within Word. It was brought in by the trojan itself.
Re:Scary (Score:3, Informative)
The trick of course is to hide the code in such a way that it doesn't appear as gibberish in Word. But that could be achieved by hiding it inside unused data of a picture or whatever.