Slashdot Mirror


Microsoft Issues Zero-Day Attack Alert For Word

0xbl00d writes "Eweek.com is reporting a new Microsoft Word zero-day attack underway. Microsoft issued a security advisory to acknowledge the unpatched flaw, which affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. Simply opening a Word document will launch the exploit. There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."

10 of 483 comments

  1. Now might be a good time to try ... by Anonymous Coward · · Score: 5, Informative
  2. Work-Around = OpenOffice by Tsu Dho Nimh · · Score: 4, Informative

    In the meantime, download and use OpenOffice

  3. Misleading summary by 2cv · · Score: 4, Informative
    The Security Advisory doesn't say not to open any DOC files. It says:
    Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources. This vulnerability could be exploited when a user opens a file.
    I wish sometimes I could mod article summaries...

    2cv
  4. Blurb slightly-FUD by Repton · · Score: 3, Informative

    The actual quote from the Microsoft page is:

    Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file.

    If you send an email to Fred saying "Can you send me xxxx", and Fred replies, saying "Here it is", you can probably safely open the attachment. You should just exercise caution when Fred sends you an email out of the blue saying "Hey, read this would you?".

    --
    Repton.
    They say that only an experienced wizard can do the tengu shuffle.
  5. Bah, typical bullshit non-edited craptastic blurb by beavis88 · · Score: 3, Informative

    And typical me not reading TF security advisory before posting. The actual wording from Microsoft is:

    Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.

  6. Re:zero day by kcbanner · · Score: 3, Informative

    It means an exploit there is no patch for! It's the zeroth day that they know about it :P

    --
    Obligatory blog plug: http://www.caseybanner.ca/
  7. Re:zero day by DebateG · · Score: 4, Informative

    Zero day: At the time the details of the exploit are published (or the patch is released), there already is an active exploit being circulated. I guess if you don't know exactly when the exploit was released it's technically a "less than or equal to zero-day" exploit, but that doesn't sound as sexy.

  8. Re:zero day by LarsG · · Score: 4, Informative

    It means that there is a working exploit out there in the wild, which is using a vulnerability that was previously unknown to the security community / the software maker. That is, there was zero days warning.

    --
    If J.K.R wrote Windows: Puteulanus fenestra mortalis!
  9. Re:Microsoft Recommends.. by PsychicX · · Score: 4, Informative
    The Slashdot summary is deceptive (probably deliberately). From TFA:
    Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.
    The point is that there is a danger that a trojan on someone else's machine could start spreading infected Word files inside a corporation, or just amongst friends. Note furthermore:
    The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
    Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
    It can't be triggered automatically, and limited accounts (like every Vista system) will be largely unaffected. (Because exploits will usually try to root the box or install something, both of which will be prevented.)

    Also observe that Office 2007 isn't affected. Obviously MS is doing something right in the next generation of their products.
  10. Re:Microsoft Recommends.. by mikael · · Score: 5, Informative

    how on earth can someone code so sloppily that a WORD PROCESSOR has a serious security exploit?!

    The usual reason - a local buffer created from the stack set to a fixed size. i.e.

    char cbuf[MAX_BUFFER];

    I would guess that the Microsoft Word document file will be arranged using a chunk data format:
    file header followed by object headers with type, version, length, followed by binary data for that object
    In this way, unknown chunks can just be skipped over.

    It would be no surprise that each programmer coding a particular object (formula, table) would assume that only
    they would be the only one writing read/write routines for their particular object, and choose to use a local stack
    buffer to store the raw binary data, before converting it to the internal data structure.

    When reading the document, they would just read the header as normal (type,version,length), then read the specified
    amount of object data without checking the validity of the length.

    And it only takes one programmer to make this mistake in order to create a security vulnerability that compromises
    the entire application. Get the right type of data in the Word document, and you could theoretically load and execute
    some executable code stored in the file.

    --
    Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
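
The chunk reader that comment 10 speculates about, written with the length checks it says are missing. This is an added example, not code from the thread and not Word's real file format: the 8-byte header layout (u16 type, u16 version, u32 length, little-endian), the `TYPE_TABLE` id, and the sample byte arrays are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_BUFFER 64   /* fixed-size stack buffer, as in the comment */
#define HDR_SIZE   8    /* assumed header: u16 type, u16 version, u32 length */
#define TYPE_TABLE 1    /* hypothetical object type this reader understands */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Constructed samples: a well-formed file, an over-long chunk, a cut-off file. */
static const uint8_t sample_ok[] = {9,0,1,0, 2,0,0,0, 0xAA,0xBB,
                                    1,0,1,0, 3,0,0,0, 1,2,3};
static const uint8_t sample_long[HDR_SIZE + 200] = {1,0,1,0, 200,0,0,0};
static const uint8_t sample_trunc[] = {1,0,1,0, 200,0,0,0, 1,2,3,4};

static uint32_t rd_le(const uint8_t *p, int n) {
    uint32_t v = 0;
    for (int i = n - 1; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Walks every chunk in file[0..size). *handled counts known chunks that were
   copied; *sum is a byte sum standing in for the real object conversion. */
int parse_chunks(const uint8_t *file, size_t size, int *handled, unsigned *sum) {
    size_t off = 0;
    *handled = 0; *sum = 0;
    while (off < size) {
        if (size - off < HDR_SIZE) return PARSE_TRUNCATED;
        uint16_t type = (uint16_t)rd_le(file + off, 2);
        uint32_t len  = rd_le(file + off + 4, 4);
        off += HDR_SIZE;
        /* The length comes from the file, so compare it with the bytes that
           actually remain before skipping or copying anything. */
        if (len > size - off) return PARSE_TRUNCATED;
        if (type == TYPE_TABLE) {
            char cbuf[MAX_BUFFER];
            /* The mistake described in the comment is doing the memcpy
               below without this check, which writes past the end of cbuf. */
            if (len > sizeof cbuf) return PARSE_TOO_LONG;
            memcpy(cbuf, file + off, len);
            for (uint32_t i = 0; i < len; i++) *sum += (uint8_t)cbuf[i];
            (*handled)++;
        }
        /* Unknown types are skipped by their (already validated) length. */
        off += len;
    }
    return PARSE_OK;
}
```

Both checks are needed: the first keeps the "skip unknown chunks" path inside the file, the second keeps the copy inside the stack buffer.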