Microsoft Word Security Flaw

JWL-23 writes: "cnn.com is reporting that a Microsoft Word flaw may allow file theft. Furthermore, they plan on not fixing Word 97, leaving millions of users out in the cold. Yet another reason to try OpenOffice.org." It still takes more than running Word to expose the contents of your hard drive though.

Re:Bad Developer, BAD!

[AlgUSF]

If microsoft offered free upgrades to customers who hold a flawed version of their software that they refuse to fix then all of their software would be basically "buy once, and recieve free upgrades for life"

Social Engineering

[xfs]

" If an attacker can persuade a target to open, modify and then return a document to him he can snaffle sensitive files on a user's PC. "

This isn't a huge bug with office it's a huge bug with USERS.

Faith in Microsoft?

[soboroff]

I loved this one:

"It's incredible to me that Microsoft would turn its back on Word 97 users," said Woody Leonhard, who has written books on Microsoft's Word and Office software. "They bought the package with full faith in Microsoft and its ability to protect them from this kind of exploit."


To paraphrase Douglas Adams, "Bill says, 'I refuse to fix bugs, for patches deny faith, and without faith I am nothing.' "

Re:Faith in Microsoft?

[soulsteal]

To paraphrase Douglas Adams, "Bill says, 'I refuse to fix bugs, for patches deny faith, and without faith I am nothing.' "

If only Bill could disappear in a puff of logic.

catching up to emacs

[Frymaster]

finally, word is catching up to emacs 1988!

file sharing

[RGRistroph]

Is there any way we can make a filesharing protocol based on this, and have gateway machines that mirror files that are behind facist firewalls that block gnutella ports to gnutella ? A kind of really long latency email server ?

You say to-may-to, I say to-mah-to.

[unsung]

Hey, new feature in Word!

Re:Bad Developer, BAD!

>>product that has been bug-free from initial release

Citronella candles?

Re:Bad Developer, BAD!

[fobbman]

The free upgrades that you seek can be downloaded here. Just don't go telling everyone because people will take advantage of their generosity.

Simple solution?

[Target+Drone]

From the article: Microsoft suggests users view hidden codes in every document they open.

Uh huh. Like that's going to happen.

I imagine next month they're going to suggest that everyone view the source for web pages they visit to get around the latest IE bug.

Is this a macro virus?

[smittyoneeach]

Turning on Tools | Options | General | Macro virus protection ought to help. Yes, I looked at the Word97 menu to validate that...
It strikes me that I know enough VBA that I could probably write some horrific trojan .doc's, lacked I all self respect.
While no great supporter of his Majesty Satanic, this article seems rather a stretch of the /. motto 'News for nerds, stuff that matters'. It's not news, for nerds, nor does it matter.
Come to think of it, such a stunt is likely also possible in Word Basic under Lose3.1, for the 286 diehards out there. Shall we also excoriate Redmond for failing to skin dive in that septic tank of code? Some old bastard in Scotsdale, AZ might be writing his memoir using that application, you know...

A Poorly-Written Article

[guttentag]

Microsoft's flagship word processor has for years had a security flaw that could allow a criminal to steal computer files by "bugging" a document with a hidden code.

Oh good. My secrets are safe because I don't know any criminals. The only people after my documents are ambitious marketing managers, who may be similar to criminals, but are not.

The company said it will definitely repair the problem only for owners of the most recent versions of the software. That decision -- still left largely up in the air by Microsoft engineers -- may leave millions of users of Word 97 without a fix.

So are they "definitely" fixing it for owners of the most recent versions, or is it "up in the air?" Paging Copy Editor, aisle six. Cleanup in aisle six.

Incidentally, Microsoft isn't "leaving millions of users of Word 97 without a fix." The fix is to upgrade your five-year-old copy of Word, get all the "great" features Microsoft has included since 97, and put money into Microsoft's coffers so they can develop great new features for Word 2007. Of course, that's Microsoft's solution. The better solution is to wipe your hard disk and download the Red Hat ISO or buy a Mac before you become further entangled in Microsoft's web.

"They bought the package with full faith in Microsoft and its ability to protect them from this kind of exploit."

If they were that gullible, this is the least worrisome of their problems.

Analyst Laura DiDio of the Yankee Group said companies are taking a risk by using such old software...

FUD in an AP article? I am shocked!

Microsoft suggests users view hidden codes in every document they open.

I hope that's not the fix. "Ford suggests drivers check their oil and tire pressure before each time they start their cars."

Re:A Poorly-Written Article

[guttentag]

I don't know about your Ford, but my Merkur manual suggests that I check oil, tire pressure, transmission fluid, etc before starting my car or driving it. Come to think of it, my Nissan manual has the same thing.

They may say it in the manual because the lawyers told them to include it, but this is different. Let's say Ford discovers that the tires that came on many of their vehicles have a tendency to fail (which would never happen to Ford, of course). This would be like Ford saying, "We're not going to recall the tires. There's no need for that. Just check your tire pressure before each use. If you're going to the supermarket, check each tire before you get into the car. When you come out of the supermarket, check the tires again. If the supermarket is a great distance away, say, more than five miles, stop somewhere along the way and recheck your tires just to be sure. Oh, and owners of '97 models should just buy a new car. You're really taking a risk if you're driving a five-year-old car anyway."

Microsoft suggests...

[MojoRilla]

Microsoft suggests users view hidden codes in every document they open. In Word 2002, the latest version, that can be done by selecting tools, options, then checking the "field codes" box. Many companies, however, use such codes for legitimate and harmless purposes.

In unrelated news, beef processors are asking all their customers to check their products for bacteria before eating. Just take a sample down to a local lab to be tested, and wait four to six weeks. The beef processors aren't responsible for meat going bad while waiting for test results.

Microsoft. What insecurity to you want to exploit tomorrow?

MS Word == newest P2P client?

[richieb]

So, now I can search and find MP3 files by emailing Word files? How cool is that!

Re:Riiiight

[Oliver+Wendell+Jones]

I am assuming that your IT group hasn't done any stability testing

You are of course assuming that our IT group is stable enough to perform that kind of testing... :-)

Intruders

[Tablizer]

This horrible bug could even allow invaders to install malicious or undesirable software such as MS-Word 97.

Oh, wait