MS Office and IE Exploits

← Back to Stories (view on slashdot.org)

Posted by pudge on Wednesday April 17, 2002 @01:19AM from the um-damn dept.

buzban writes "Microsoft has issued this security bulletin regarding potential buffer/code exploits. It seems to have a potential effect on a lot of things, including Office v.X, Office:2001, IE for Mac OS and for Mac OS X, AppleScript, et al... I couldn't get the update from Apple just yet, but that might be my own screwup. ;)" Only the patch for MSIE on Mac OS X is in Software Update through Apple. All others must be downloaded from Microsoft. Update: 04/17 21:02 GMT by P : pumpkinhead writes in that ZDNet has a story with more details.

3 of 31 comments (clear)

Min score:

Reason:

Sort:

Friendly tip for the Internet Explorer update by helixblue · 2002-04-17 01:31 · Score: 4, Informative

Not that I use IE except for testing, but I found that you only get prompted for the update if Internet Explorer is in /Applications.

I had moved it into /Applications/Internet on my machine.
1. Re:Friendly tip for the Internet Explorer update by Spencerian · 2002-04-17 04:33 · Score: 3, Informative
  
  I've just sent this same information to Macintouch.com, and I'll repeat it here:
  
  Mac OS X is UNIX, and, like many versions of OS, doesn't expect you to tweak your system around like in Mac OS 9.
  
  Don't do it. Leave ALL preinstalled Mac OS X applications exactly where they are. If you need to access them conveniently, place their icons in the Dock, the desktop, some folder, or use a third-party solution. Changing around the location (or probably name) of applications is the quick way of hosing a Mac OS X installation to the point where reinstallation is required.
  
  When other UNIX users need to activate an app from another location, they use symlinks or other method. But their apps stay put. So should it be with Mac OS X. Leave stuff alone unless you are a UNIX admin and Mac OS X programmer employed by Apple (hmm..a subtle way of saying "don't.")
  
  --
  Vos teneo officium eram periculosus ut vos recipero is.
Mac OS X mitigates security hole impact by rjamestaylor · 2002-04-17 02:10 · Score: 2, Informative
In the technical bulletien MS writes:
- On operating systems that enforce security on per-user basis, such as Mac OS X, the specific actions that an attacker's code can take would be limited to those allowed by the privileges of the user's account.
If you use the less-than-root privileged default user setup the impact of these remotely exploitable holes is mitigated. And you can thank the underlying UNIX system for that bit of goodness.
--
-- @rjamestaylor on Ello