Microsoft Security

Microsoft Word Zero-Day Used In Targeted Attacks 88

Posted by Unknown Lamer
from the upgrade-your-word-processor dept.
wiredmikey (1824622) writes "Microsoft warned on Monday of a remote code execution vulnerability (CVE-2014-1761) in Microsoft Word 2010 that is being actively exploited in targeted attacks. If successfully exploited, an attacker could gain the same user rights as the current user, Microsoft said, noting that users whose accounts are configured to have fewer user rights on the system could be less impacted than accounts with administrative privileges. 'The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer,' Microsoft explained. Microsoft did not share any details on the attacks that leveraged the vulnerability, but did credit Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team for reporting it to Microsoft."
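
The summary above says the file reaches Word either as a document or as an RTF mail body, so a gateway or triage script has to recognise RTF by content rather than by name. The following is an added example, not part of the original post or of any Microsoft tooling: a small Python triage pass whose function names, report fields and sample bytes are all constructed for illustration. It only inventories structure (signature, group nesting, object control words), does not detect CVE-2014-1761 itself, and assumes no `\bin` binary runs in the input.

```python
import re

# RTF control word: backslash, lowercase letters, optional signed numeric parameter.
CONTROL_WORD = re.compile(rb"\\([a-z]+)(-?\d+)?")
# Control words that introduce embedded or linked objects.
OBJECT_WORDS = {b"object", b"objemb", b"objlink", b"objautlink", b"objocx", b"objdata"}

# Constructed sample: an RTF body with one embedded-object group, saved under a .doc name.
SAMPLE = rb"{\rtf1\ansi{\fonttbl{\f0 Arial;}}Hello \{world\}{\object\objemb{\*\objdata 0105000002000000}}}"

def is_rtf(data: bytes) -> bool:
    """Identify RTF by its leading signature, not by the file name."""
    return data.lstrip()[:5] == b"{\\rtf"

def triage(name: str, data: bytes) -> dict:
    """Summarise one attachment or mail body for a reviewer (hypothetical helper)."""
    report = {"name": name, "rtf": is_rtf(data), "mismatch": False,
              "objects": {}, "max_depth": 0, "balanced": True}
    if not report["rtf"]:
        return report
    # RTF content behind a non-.rtf name still opens in the word processor.
    report["mismatch"] = not name.lower().endswith(".rtf")
    depth = i = 0
    while i < len(data):
        ch = data[i:i + 1]
        if ch == b"\\":
            m = CONTROL_WORD.match(data, i)
            if m is None:
                i += 2  # control symbol such as \{ \} \\ \* : skip both bytes
                continue
            word = m.group(1)
            if word in OBJECT_WORDS:
                key = word.decode()
                report["objects"][key] = report["objects"].get(key, 0) + 1
            i = m.end()
            continue
        if ch == b"{":
            depth += 1
            report["max_depth"] = max(report["max_depth"], depth)
        elif ch == b"}":
            depth -= 1
            if depth < 0:  # more closes than opens: malformed group structure
                report["balanced"] = False
                depth = 0
        i += 1
    report["balanced"] = report["balanced"] and depth == 0
    return report

if __name__ == "__main__":
    print(triage("invoice.doc", SAMPLE))
```
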
  • by skids (119237) on Tuesday March 25, 2014 @12:09AM (#46571259) Homepage

    Last time I looked RTF (decade or so ago) was a pretty bare-bones least-common-denominator document markup specification.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Wasn't RTF supposed to be minimalistic and simple?

      RTF is. Word isn't.

      Word is bloated, cumbersome and buggy.

    • by symbolset (646467) *
      You have been able to embed OLE objects since 1992.
    • by cusco (717999)

      And who in the world thinks that Word is usable as an email viewer? It's such a dreadful experience that I'm surprised that MS still offers that option in Outlook.

      • by SkimTony (245337)

        Offers? That's the default behaviour in Outlook through Office 2013.

        • by symbolset (646467) *
          Office: for when you have Real Work. You know, like managing money, or social security numbers. Medical records. Industrial controls.
  • by Anonymous Coward
    RTF?!
  • by chromaexcursion (2047080) on Tuesday March 25, 2014 @12:17AM (#46571291)
    A simple protocol, no need for system access.
    Oh well, MS seems to have found a way to screw that up.

    Maybe Bill should pay to fix it ...
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Word processing was a solved problem in 1997, but Microsoft still has to continuously "upgrade" their software to be able to sell it again. They are out of good ideas, so they end up implementing bad ideas like adding system access to a simple protocol.

      • Word processing was a solved problem in 1997

        Huh, if only... Unless you mean smart-typewriter-level functionality.

        They are out of good ideas

        They had good ideas once?

      • Word processing was a solved problem in 1997, but Microsoft still has to continuously "upgrade" their software to be able to sell it again. They are out of good ideas, so they end up implementing bad ideas like adding system access to a simple protocol.

        Heh, that's a pretty bad trolling attempt.

      • Word processing was a solved problem in 1997, but Microsoft still has to continuously "upgrade" their software to be able to sell it again. They are out of good ideas, so they end up implementing bad ideas like adding system access to a simple protocol.

        For me, one of the absolutely most useful aspects of a word processor is to let multiple people (across teams, partners, consultants, customers, etc.) edit and comment the same document, propose changes -- with author-specific version history tracking, sidebar comments, approve/reject functionality, etc. This has improved greatly not only since 1997 but over the last few generations of Word IMHO. Problem with the "people only need and use 20% of the features of modern Office" reasoning, is that different pe

      • by Ravaldy (2621787)

        Actually, it wasn't. Integration to SharePoint came after. May not be important to you but some businesses live off those features. You could also say the same about Excel but I can assure you that many of the enhancements made in the recent years were greatly appreciated by many businesses.

        Also adaptation to new hardware capabilities came into play to allow richer content and better word processing performance. Take a document with 250 pages that includes images in Word 1997. Do the same in the new version

    • It's not a protocol at all, it's a format. A protocol describes the details of an exchange between two or more parties.
  • There are so many of them to choose from
  • by mmell (832646) <mike.mell@gmail.com> on Tuesday March 25, 2014 @12:51AM (#46571465)
    No? Okay, later.
    • by RoLi (141856) on Tuesday March 25, 2014 @03:24AM (#46571805)

      Probably the MS-fans will think that's a problem, because LibreOffice is not "compatible".

      In fact the very fact that LibreOffice is an independent implementation of the file formats is a big advantage, because it is much more robust - When you reverse-engineer something you usually cover all possibilities (of a variable, etc.) - this is also the reason why you can often open corrupted .doc files with LibreOffice.

      • by mmell (832646)
        Actually, back when it was OpenOffice they encountered this question. A known exploit which took advantage of the Word file format was replicated to allow the same exploit to work in OpenOffice. The justification (which was quite correct) was that the exploit took advantage of the file format specification, not a code bug. I.e. - the format itself was flawed, and a correct implementation of the format would not correct the design flaw.

        OTOH, Microsoft doesn't own Rich Text format, and RTF is not inherent

        • by wwphx (225607)
          dBase III+ back in the '80s had a competitor called FoxBase. FB was crazy fast due to a very fast pre-compiler and a greatly improved indexing scheme. FB copied dBase's bugs because they had known workarounds in the programming community, and fixing the bug would break established code. Of course dBase was bought out by Borland, FB was bought out by Microsoft, and the world moved on to better implementations of the relational model.
          • by mmell (832646)
            Yeah, that's why I used Clipper. It turned dBase code into very excellent standalone applications, and faster than the dBase interpreter.
            • by wwphx (225607)
              My PHBs wouldn't spring for something like Clipper. Still, we did some pretty amazing things with FB.
  • How many years, decades even, has Microsoft had the time to understand and get these issues fixed?

    They simply DON'T CARE. They retain features like this for their own convenience instead of spending some of those profits on solving the problems these 'easy and vulnerable' solutions of theirs are for.

    These problems have been identified again and again and whatever band-aids Microsoft has done was not a systematic elimination.

    Shoddy work with a monopoly is a bad situation and Bill Gates who set the pattern for

  • by fuzzyfuzzyfungus (1223518) on Tuesday March 25, 2014 @03:05AM (#46571761) Journal
    Privilege escalation is always worse than 'execute with same privileges as user'; but for primarily-end-user software the distinction seems a great deal less helpful (unlike, say, on the server, where attacks isolated to one service account or daemon are legitimately less dangerous). Joe User's security context has access to more or less his entire life in documents and ill-secured website passwords, and enough permission to plant something that will start when he next logs in in a zillion different places that he isn't likely to notice (details will vary by OS; but the only real exception would be the control-freakier mobile ones). So Joe User is screwed at either privilege level, and, from the perspective of fixing the system, conclusively proving that only user-level access was gained and the system is still secure (much less attempting to fix it if it isn't) is so much more time consuming than just nuking it and applying a fresh image that you'd only try in order to get samples of the attacker, not because it's worth the trouble on its own.
    • Well, it's very true. Nowadays there are many user-level malicious programs, mostly various ransomware types which can inflict various levels of annoyances on the users.
      Just imagine opening a document and "catching" cryptolocker...
  • MS Word has been insecure since MicroShaft decided to add VBA and tie Word into the OS. Nothing but virus attacks and worms.

    Why the hell do so many people continue using shit products so damned likely to infect their system?

    • MS Word has been insecure since MicroShaft decided to add VBA and tie Word into the OS. Nothing but virus attacks and worms.

      Why the hell do so many people continue using shit products so damned likely to infect their system?

      File -> Options -> Trust Center ... First thing any sane person should do after installing Word is turn off all macros and ActiveX/VBA without notification.

  • by walterbyrd (182728) on Tuesday March 25, 2014 @07:30AM (#46572521)

    > "Most security professionals consider Microsoft the bar every other vendor should strive to meet."

    Computerworld said it, so it must be true.

    http://www.computerworld.com/s/article/9246837/Perspective_Microsoft_risks_security_reputation_ruin_by_retiring_XP?pageNumber=2

  • Is that Google is the one exposing the flaws in Microsoft Office. I've recently ditched all things Microsoft. Went over to the dark side, Ubuntu. Why not? It has all the applications and functionality I had on my ancient XP laptop plus a whole lot more. Plus it comes bundled with Firefox and Thunderbird which I was using on my XP box to begin with. All I had to do was copy over my documents, music and profiles for both and I got everything back. And LibreOffice has come a very long way. Plus I have my NNTP
  • ...will it run in Wine?
