Microsoft Issues Zero-Day Attack Alert For Word

0xbl00d writes "Eweek.com is reporting a new Microsoft Word zero-day attack underway. Microsoft issued a security advisory to acknowledge the unpatched flaw, which affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. Simply opening a word document will launch the exploit. There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."

SLASH! KNOCK OFF THE FUD SUBMISSIONS!

[davidsyes]

I'm probably going to damage my "excellent karma" (at least as shown on my personal page when I log in, but....

JESUS H. CHRIST jumping a barbed wire fence, Slash editors. Who's letting these submissions across the wire? While slash is not a world-class journal or trade rag, it ought tot

As MUCH as I tend to slight microsoft, the fake FUD from submitters is likely to cause more irreparable damage than the few of us who are terse and critical toward microsoft.

Please, take more time, or force your editors to work in teams as "two-person integrity" or SOMEthing. This is getting ridiculous.

C'mon, did microsoft REALLY say, "'not open or save Word files,' even from trusted sources."?

Likely NOT. Y'see, SOME of us can recognize the cute little enclosure of single and double quotes. I didn't at first catch it until I read another comment in this thread. When I went back, I got pissed, feeling the submitter is trying to be wiley and cute. But, for every IT or biz exec who considers Linux based on things in Slashdot (probably more and more a mistake these days), another will point to lame submissions such as the one being shredded now...

But, you know what? I am starting to think some mshaft people (who volunteered for projects, ascended the local ranks, gained trust and leadership positions) INFILTRATED Slashdot and is intentionally posting FUD like this to rile up the readership, get them passing bogus information, and setting them up for discrediting in the workplace. This sounds like rumored infiltrations going on with various Linux development groups, where some Human Trojan screws with projects and releases broken code in apps and distros to stymie and screw with companies trying to earnestly deploy Linux-based solutions or interoperability.

If that is the case, then Slashdot needs better vetting.

Re:Microsoft Recommends..

[kestasjk]

Remember the massive bundle of critical OS X security updates a week ago which patched holes that were being exploited for months?

• "Who cares about these critical vulnerabilities, as long as there's no spyware?"
• "Microsoft probably fixes loads of security bugs that they don't tell anyone about"
• "The remote/web vulnerabilities can't do any damage because users don't run as admin!"
• "The local admin privilege escalation vulnerabilities don't matter, because they're just local!"
• > (tagging beta)

Then Microsoft lets everyone know the moment an 0-day vulnerability is released which exploits a bug in Word.

• "I'd like to kick MS in the balls"
• "Why can't MS learn from Apple?"
• "It's lucky we use Macs where I work"
• "Read what Linus wrote about this vulnerability here: linus.doc"
• > haha, pwned, roflolmao (tagging beta)

Some people here make Slashdot seem like a parody of itself..

Re:Microsoft Recommends..

[Mike89]

Get a Mac. Both Pages and TextEdit will open and translate .doc files directly.

What a terrific, cheap sulution to the problem! Thank you, Deep Fried Geekboy.