Holes in PowerPoint and Excel
jeffy124 writes: "Looks like it's time for IIS and Outlook to make room on the pedestal of security holes. Just about every recent version of PowerPoint and Excel is vulnerable to being taken over to control the system remotely. The hole is macro-related, as it's possible to bypass asking the user if they'd like a macro to run. Microsoft's advisory can be found here."
Funny. I always thought that PowerPoint was already at least as destructive as macro viruses to corporate productivity. You ever watch a suit fiddle with his presentation?
I wonder how many corporate IT depts have deployed Microsoft products precisely BECAUSE they are so full of vulnerabilities. It offers ongoing access to CEO, CFO, and BOD computers! Hard to keep a secret about future corporate plans. In addition, it's a way of doing constant ongoing surveillance of employees.
Even presuming that Apache was as horridly insecure as IIS is, a user would actually know that (s)he was running a web server. Then you have things like Microsoft quietly replacing unstuffit on the Mac with their own version which has an extremely glaring security hole of automatically executing binhex binaries.
Microsoft has shown every sign of not giving a rat's ass about security. From what I'm hearing, patches that might have protected users from Nimda were uninstalled by later Microsoft patches(!).. then you have that Microsoft executive who was pooh-poohing people (re)downloading the patch as being "unnecessary".
Yeah.. but Microsoft's line is that it's all the users' fault.
That sort of attitude is consistent with being a psychopath, if the company were a person. If Microsoft is unwilling to take responsibility for its lax attitude towards security, people are going to continue to get goat-sexed by their software. Given that they refuse to give general users access to their source code, it shouldn't be the user's responsibility to test every patch to see if it undoes a previous security fix.
Microsoft demands that users place themselves at the mercy of Microsoft, then blames the user when due diligence results in software being installed that's horribly insecure -- even after religiously installing every general and/or security patch as Microsoft releases them. That's why I prefer to do my real work on Linux boxes.
At least with Linux, people have the ability to check the changes that are being made by a patch. It only takes a couple of people to find the problems in a patch.. then they can pass the information on to the rest of the user community. With Microsoft's normal licensing limitations, those people who do have access to the source code still can't tell people that Microsoft has shafted them (once again).
OS Software is like love: The best way to make it grow is to give it away.