Slashdot Mirror
Microsoft Issues Zero-Day Attack Alert For Word
0xbl00d writes "Eweek.com is reporting a new Microsoft Word zero-day attack underway. Microsoft issued a security advisory to acknowledge the unpatched flaw, which affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. Simply opening a word document will launch the exploit. There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."
That the business world just stop for a few minutes(days, weeks) while they fix this.
If I can't even open my friends' documents then what am I - as a manager to do?
Oh, wait - I don't do anything anyway and my life revolves around Excel.
Nevermind.
The Kai's Semi-Updated Website Thingy
So let me get this straight... For the time being the only safe Word files are new files that other people don't need to open?
But hey, you saved a ton of money on retraining costs.
Maybe not
Good general advice, really. They should put that on the Office packaging, like on a packet of cigarettes.
ant
So, Microsoft are basically telling us to stop using Word? Sounds like great advice to me -- cheers, Bill!
Tubal-Cain smokes the white owl.
Making the Ribbon, and then congratulating themselves on how cool it looks, and then making advertisements with people with dinosaur heads.
Comment removed based on user account deletion
You forgot to mention the Vista sound. The put tons of effort into that.
Help stamp out iliturcy.
This is a new spin to upgrade to their new Office 2007 product line.
Yet ANOTHER feature Word has that OpenOffice doesn't. :(
Yeah, they taught me in school that latex was a good way to guard from viruses.
Good thing I connect via WiFi.
Dear Professor,
My final project for the semester is attached as a Word document. If you have any problems reading it, please let me know. Me and everyone else in your address book.
Don't have to worry about grading it. By the time you read this, I will have used the root-kit to grade it myself.
Nice porn, by the way! You dog! We'll make this our little secret.
love,
toodles
Ah, license to ignore any unexpected memos for the next couple of days, excellent
Except that I have been saying that for years. MS Doc format is an untrustworthy format. It has been known to carry unexpected payloads in the past and there are alternatives which are known to be safer yielding similar if not identical results for most people. (And if someone thinks they actually NEED to have VBA in a word document, I'd have to suggest there's probably a better way to program your way out of the situation you find yourself in. I just haven't been able to think of a good reason to have programming code in a Word document and I haven't seen a good example either. Can anyone offer a reason good enough?
ODT works well... hell, for that matter RTF works well enough for most people.
But, I send you this file to ask you advice!
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
How is one supposed to exercise caution when opening a Word document? Do click on it slowly and deliberately, or do you click it carefully after giving the PC a pat on the head...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
sticking with Word 97. It's apparently not affected by this.
Did anyone else read that as "Microsoft Ossues Zero-Day Attack Alert For World"?
That's why the Windows XP Security Guide is distributed a .doc...
"It ain't a war against drugs.it's a war against personal freedom" --Bill Hicks
We tried, only to see that the documents were mangled and OO crashed often. Then someone told me it's always like that, so you should be fine.
"Do not start Windows, even when using trusted computing"
I like Notepad better anyway.
Would you like some help?
I'm sure there are Latex Trojans too. Used 'em myself.
Some drink at the fountain of knowledge. Others just gargle.
you will be vindicated. I have stuck with Office 97, because I have never thought that any of the "improvements" that M$ has made in newer versions of Office were worth the price of a new program. It is now too old to be affected by the latest virus. Lord, this is sweet.
In the land of the blind, the one-eyed man is king.
It's always worked in the past. Why change a winning formula?
I met a college student last year who writes all of her papers in Adobe Photoshop. She just sets up 300dpi pages and types all the text into text boxes. That way she could make pretty photographic backgrounds. And there are NO security issues!
I didn't realize it then, but she is obviously a genius.
$nice = $webHosting + $domainNames + $sslCerts
Maybe the method Word uses to render itself - when used on a certain font with the right combination of letters - infects your brain somehow. I guess it's working on the same principal as flash ads.
which is totally what she said
Microsoft has made no promise about not doing evil, and they've shown it on a daily basis for 15 years.
Of course, I would actually be happier if Microsoft would make a promise to "Do no stupid."
You are in a maze of twisty little passages, all alike.
Microsoft is just taking the paperless office to the next level - the documentless office.
What he can't kill, he has sex on. Trent.
From:
To: All_Employees
Subject: Corporate Security Alert
Significance: High
Microsoft has announced a security alert pertaining to MSWord - probably all versions. Microsoft recommends not opening any MSWord documents from anyone, until further notice. Please see attached for details.
Thank you,
IT Department
[attachment - MSSecurityAlertDetails.doc - 1,253KB]