Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Issues Zero-Day Attack Alert For Word

Posted by kdawson on from the incoming dept.

0xbl00d writes "Eweek.com is reporting a new Microsoft Word zero-day attack underway. Microsoft issued a security advisory to acknowledge the unpatched flaw, which affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. Simply opening a word document will launch the exploit. There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."

103 of 483 comments (clear)

  1. Microsoft Recommends.. by sylvainsf · · Score: 5, Funny

    That the business world just stop for a few minutes(days, weeks) while they fix this.

    1. Re:Microsoft Recommends.. by Anonymous Coward · · Score: 5, Funny

      I wish Microsoft were a person. Then I could go up and kick that person in the nuts.

    2. Re:Microsoft Recommends.. by PsychicX · · Score: 4, Informative
      The slashot summary is deceptive (probably deliberately). From TFA:
      Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.
      The point is that there is a danger that a trojan on someone else's machine could start spreading infected Word files inside a corporation, or just amongst friends. Note furthermore:
      The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
      Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
      It can't be triggered automatically, and limited accounts (like every Vista system) will be largely unaffected. (Because exploits will usually try to root the box or install something, both of which will be prevented.)

      Also observe that Office 2007 isn't affected. Obviously MS is doing something right in the next generation of their products.
    3. Re:Microsoft Recommends.. by JoGlo · · Score: 5, Funny

      Oooooh! She wouldn't like that!

      --
      Will those of you who think that you know what you are doing, get out of the way of those of us who know what we are doi
    4. Re:Microsoft Recommends.. by ewl1217 · · Score: 4, Insightful
      Also observe that Office 2007 isn't affected. Obviously MS is doing something right in the next generation of their products.
      You mean like not releasing them yet?
    5. Re:Microsoft Recommends.. by Brewskibrew · · Score: 4, Funny

      Get a stone tablet and a chisel. Those will also translate Word documents as well as make handy weapons for when your Microsoft Account Manager pops into your office.

      --
      For sale: Signature. One owner. Low miles. Always garaged. New punctuation, just installed!
    6. Re:Microsoft Recommends.. by Anonymous Coward · · Score: 2, Insightful

      Also observe that Office 2007 isn't affected. Obviously MS is...

      Obviously Microsoft is updating their old programs to have exploits that their new ones don't. And before you say prove it, you prove they are not. Microsoft keeps its source code closed. They release updates these days like crazy. It would be a simple task for them to align their old products to be vulnerable and, of course, insure their new product is not vulnerable to some zero-day exploit that comes along just as they need some reason to tout their shiny new product.

      Why are Word documents able to get infected like this? Why does the infection affect so many old Microsoft products (and ones currently in use) but not the next version of these products Microsoft just released? You attribute it to improved security. I attribute it to an improvement in marketing ploys by a company known for doing anything it takes to get you locked into their product.

      What is the real solution Microsoft is suggesting? Don't open Word documents or upgrade to Office 2007. It is as simple as that. And much more than probably deliberate.

    7. Re:Microsoft Recommends.. by Firehed · · Score: 5, Insightful

      As will OpenOffice.org on all platforms. That's not the point - how on earth can someone code so sloppily that a WORD PROCESSOR has a serious security exploit?! And more importantly, what feature in aforementioned WORD PROCESSOR requires *anything* that could pose a security issue?

      Maybe the notion of writing all my papers in HTML wasn't so insane after all... no more of these archaic "pages", and it would certainly be a more reliable way of turning in assignments than e-mail attachments. Take care of a formatting stylesheet once, and from there on it's just using the <p> tag to full appropriateness.

      --
      How are sites slashdotted when nobody reads TFAs?
    8. Re:Microsoft Recommends.. by ergo98 · · Score: 5, Insightful
      The Slashdot summary is deceptive (probably deliberately).

      It's probably closer to the mark than "receive unexpectedly". If someone in a corporation became infected, and they infect documents on a shared network location -- game over. Other users don't have to "receive" it via a classic-email virus, but rather they just have to go about their daily business. You touched on this yourself, and it is why this does basically mean "there be dragons" for all word files in corporations.
      It can't be triggered automatically, and limited accounts (like every Vista system) will be largely unaffected.

      Phew! Now that we know that the burgeoning community of Vista users will be "largely unaffected", we're safe! That comprises the set that downloaded and installed the RTM from MSDN, so at a minimum, around an installed base comparable to QNX.

      In any case, "largely unaffected" is more deceptive than the Slashdot summary (which came right from Cnet) -- the risk of compromises nowadays are seldom that they'll reconfigure your drivers or repartition your drive, thus requiring admin rights (when was the last time a virus was actually maliciously destructive in such a manner?), but rather that they'll compromise data integrity/security. If Bob is a normal user, but he's in HR and thus has rights to HR information, then so does an exploit running as Bob the unprivileged numbers-monkey.
    9. Re:Microsoft Recommends.. by kisielk · · Score: 4, Insightful

      It's not really deceptive, I often get attachments from almost everyone I regularly correspond with without expecting them first. Am I supposed to now call or email everyone I know every time they send me something to confirm that they intended to?

      As for being hardly affected, it simply says LESS affected. What's to prevent the trojan from taking over your Outlook client and using it to send spam and propagate itself to everyone you know as well. Doesn't take root to do that, nor countless other things.

    10. Re:Microsoft Recommends.. by mikael · · Score: 5, Informative

      how on earth can someone code so sloppily that a WORD PROCESSOR has a serious security exploit?!

      The usual reason - a local buffer created from the stack set to a fixed size. ie.

      char cbuf[MAX_BUFFER];

      I would guess that the Microsoft Word document file will be arranged using a chunk data format:
      file header followed by object headers with type, version, length, followed by binary data for that object
      In this way, unknown chunks can just be skipped over.

      It would be no surprise that each programmer coding a particular object (formula, table) would assume that only
      they would be theonly one writing read/write routines for their particular object, and choose to use a local stack
      buffer to store the raw binary data, before converting it to the internal data structure.

      When reading the document, they would just read the header as normal (type,version,length), then read the specified
      amount of object data without checking the validity of the length.

      And it only takes one programmer to make this mistake in order to create a security vulnerability that compromises
      the entire application. Get the right type of data in the Word document, and you could theoretically load and execute
      some executable code stored the file.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    11. Re:Microsoft Recommends.. by Moron_Programmer · · Score: 2, Interesting

      I'd rather kick in the nuts the guy who takes advantage of these 'exploits'. They cease to be exploits when there are none willing to exploit them.

    12. Re:Microsoft Recommends.. by cloricus · · Score: 4, Insightful

      Is the GP just an out right moron?

      (Serious non-flaming post ahead so don't mark me troll before at least reading!)

      Putting aside your Microsoft fanboy attitude of 'oh just buy the next version and all will be well!' lets look at this objectively. And for the sake of being kind I wont go into details of how painful this will be for business in general; Sticking to the simple points will do just find to point out how horrible this is.

      > Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.

      Now you sound new to the world of tech as you haven't been embittered against Microsoft so I'll give you a break on this one. End users have two types of authentication; 'This looks shiny' *click* and 'Oh I know this person' *click*. So in reality the summary is an effective warning and really if some one in a business gets a document saying AccountsNov06.doc who is to say it is expected or unexpected - some one sent you the accounts and a nice little social engineering spiel to lure you to the click. Yes boss, three bags full boss.

      > The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.

      > It can't be triggered automatically, and limited accounts (like every Vista system) will be largely unaffected. (Because exploits will usually try to root the box or install something, both of which will be prevented.)

      See previous post about *clicky*. If you boss tells you to deal with AccountsNov06.doc then you deal with AccountsNov06.doc and that usually, if I'm not mistaken, involves opening it for a start. Also largely unaffected; what does that really mean? There will be a box come up saying 'Click me like you usually do as I get in the way of every simple task' because let me tell you as a system administrator even I started clicking them without thinking after two hours of testing Vista. Finally on this topic users who have limited accounts is a joke - even with your AD locking down almost all of the system most places still allow execution of applications and scripts which may have decent root kitting abilities that bypass user rights - only high schools and net cafes go the whole nine yards.

      And lastly you have the gem of saying Microsoft is great because their next product line isn't affected. I think the parent to this post addressed this point perfectly with the following:

      > You mean like not releasing them yet?

      Which points out the flaw in your argument very nicely. Still it is worth expanding for those unfamiliar with Office 2k7 in that a) it implements a new XML document format which has nothing to do with .doc so isn't affected and b) they have time to fix their .doc filter layer so this doesn't happen in the wild under 2k7 - in fact I'd almost wager a decent price that the current release of Office 2k7 floating around the MS offices has the flaw and if it doesn't I'd be raising questions that this was a stunt to force upgrades and kill off .doc faster.

      Either way before you mouth off at Slashdot consider the topic and its implications to users and business first; there are many real Slashdot exaggerations that are stabs at Microsoft and this isn't one of them. Some times it is apt to say that Microsoft really did drop the ball.

      --
      I ate your fish.
    13. Re:Microsoft Recommends.. by Anonymous Coward · · Score: 4, Funny

      Quarriers! Quarriers! Quarriers!

    14. Re:Microsoft Recommends.. by OldManAndTheC++ · · Score: 3, Funny

      Get a stone tablet and a chisel.

      Actually Microsoft is going to release a product for that very format.

      They plan to call it Microsoft Word 2007 BC.

      And in an even weirder twist, because the product release schedule slipped they had to change the original name: Microsoft Word 2009 BC

      --
      Soylent Green is peoplicious!
    15. Re:Microsoft Recommends.. by ultranova · · Score: 4, Insightful

      I'd rather kick in the nuts the guy who takes advantage of these 'exploits'. They cease to be exploits when there are none willing to exploit them.

      A broken lock is a broken lock even if no one takes advantage of that fact.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    16. Re:Microsoft Recommends.. by Nasarius · · Score: 3, Insightful

      Maybe the notion of writing all my papers in HTML wasn't so insane after all

      You want LaTeX. If you're running KDE, you can't beat Kile as an editor.

      --
      LOAD "SIG",8,1
    17. Re:Microsoft Recommends.. by ultranova · · Score: 3, Insightful

      Yeah, I really want to submit users to random hangs while the Java VM garbage collects itself. Not to mention that yes, speed does matter, so until you can actually show some evidence of real-life shrink-wrapped applications running just as fast on a VM as on the metal, I think we'll stick with C++ (trust me, repagination is a lot of work, and it's already bad enough in long documents).

      Given the choice between random sub-second hangs and random crashes with occassional virus infection, I'll take the former any day. Besides, modern VMs compile everything to machine code prior to execution (JIT), so there shouldn't be any significant speed penalty to them - and there isn't, as far as I can tell.

      And if you think Word's too complex and shouldn't be doing that much work, you know where to find notepad (or vi), but good luck making professional documents; I'm fairly certain that most of our 500 million customers will stick with Word.

      I guess they'll be seeing a lot of exploits in the future too, then.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    18. Re:Microsoft Recommends.. by cloricus · · Score: 3, Insightful

      Both of your examples are the same thing; Preschool children by definition have the mental capacity of preschool children. In any case I stand by my claim which is based on several years of observation of this very problem as I wanted to see how they could fail so badly at basic authentication and fall for scams/spams/etc.

      Also it is nice that you have time and the interest to educate your clients and I commend you (please assume no sarcasm in that line). Unfortunately as per a generalisation I do not believe your case is common and then of no important to the claim. Also many sys admins are in the added disadvantage that those who break the system are equal to them in standing and prefer to run their own affairs as they are 'grown ups who can tell the difference between right and wrong'...And seriously what can you say against that? While I will say they are pre-school children when it comes to computer based personal authentication I would never say it to their faces as they simply wouldn't understand the context and scope it was meant in. You may reply that I'm not giving my users enough credit...Though that is another argument which I'm not going to go into.

      Note that our users also contact us when they are in doubt...Though it is rare that a doubtful response comes back from their 'friend' or 'shiny' assessment of a seemingly (to them) authentic email.

      --
      I ate your fish.
    19. Re:Microsoft Recommends.. by TheRaven64 · · Score: 4, Interesting

      trust me, repagination is a lot of work, and it's already bad enough in long documents

      I don't use a word processor, I use LaTeX, which seems to have much better layout rules than any version of Word I have seen. The document I am working on is around 200 pages. Compiling it (including invoking gnuplot to draw a load of graphs, pulling in a few code files and syntax highlighting them, constructing an index and bibliography, and making sure all cross-references are correct) takes 7 seconds of wall time on my current laptop, and most of that is time spent waiting for I/O.

      Oh, and much of the typesetting code used by LaTeX is written as interpreted macros that are run by the TeX runtime system. If it were all hard-coded, even in Java, it would be even faster.

      Earlier this year, I saw a demo of a typesetting system written in Smalltalk (and running in the Squeak VM) that represented every character as an object, with simple rules (e.g. stay next to next character, jump to next line if you are over the margin, jump to the end of line if there is only whitespace between you and the end of line). It ran very fast; he dragged an image across a multi-page document, and the text re-flowed around it, and the entire thing was written in a couple of pages of Smalltalk.

      If pagination is slow in Word, then I can only imagine it's because the developers need replacing.

      --
      I am TheRaven on Soylent News
    20. Re:Microsoft Recommends.. by mysticgoat · · Score: 2, Interesting

      ...how on earth can someone code so sloppily that a WORD PROCESSOR has a serious security exploit?!

      Shit happens.

      The more significant question is how on earth could an exploit like this manage to get by Quality Assurance for so many years?

      The answer is that the Coding For Profit paradigm necessarily imposes a limitation on quality assurance since QA is an expense that must be charged against profits.

      A viable workaround is to Code For Free under one of the open source licenses where you can nurture a community of bug-hunters and developers who provide good quality assurance for free. You generate your profits from other aspects of the software business, such as service. IBM and Redhat are doing pretty well with this approach. Until recently I would have mentioned Novell here too, but now there's some doubt about whether Novell will survive what might prove to have been a fatal error.

      Wake up little SUSE! The movie wasn't so hot.... but I digress.

      I expect that in the next few weeks Microsoft will offer as a workaround a free plug-in that will convert all documents to its new ECMA approved standard. MS will point to Novell as an alternate supplier (therefore avoiding immediate monopolistic legal hassles). MS will point out that MS Office 2007 will be immune to this exploit, so all businesses really need to do is to install the free plug-in and begin migrating their documents to the new format. Which will be supported by Novell's version of OpenOffice, btw, no sneaky deals here, huh?

    21. Re:Microsoft Recommends.. by Overly+Critical+Guy · · Score: 3, Insightful
      No, I didn't:

      Yes, you absolutely did. There are no exploits running around in the wild affecting Macs. You can't cite a single real-world example. Not a single one.

      What you conveniently leave out when you cited the long-ago debunked Mac mini hack is that the Mac was previously configured to give anyone an account who requested one, including full SSH access to poke around. Even the readers at Digg tore this one apart. Hardly the typical situation.

      None of them are zero-day exploits?


      Absolutely correct. None of them are being exploited at all.

      Checking one of the UNIX utility vulnerabilities (because these are the only ones that we know when they were discovered) the perl vulnerability was discovered in December 2005.

      And yet nobody's exploiting it, because OS X's security prevents access. Next.

      With that perl vulnerability, and probably others in the list, it was discovered in 2005 and Apple only get around to releasing a patch now.

      Which should tell you just how "urgent" it was to fix something that wasn't really a problem in the first place.

      Look at the list above from Apple; you would have had to screen e-mail for HTML, new fonts, turn off your wireless card, not use any Windows shares, not go to any links to web pages given in e-mails, not go to any suspect web pages, etc, etc.

      Lies, lies, and more lies. 100% false in every way imaginable.

      The only difference is that Apple don't post security bulletins giving people warning, that might damage sales.

      Uh, they do post security bulletins.

      Have fun having a false sense of security though.

      Ah, the old "false sense of security" canard, despite the fact THERE IS NOT A SINGLE EXPLOIT RUNNING IN THE WILD THAT IS INTRUDING ON A SINGLE MAC. You can't cite a single one. Go for it.

      Do you have any other skewed, sliced-and-diced "facts" you want to post that I can debunk? Any articles you want to cite without revealing the full situation behind them? Clearly, you have some chip on your shoulder against Macs, but your shortcomings don't change the fact that there is not a single trojan or virus running the wild for Macs. Not one.

      Next.
      --
      "Sufferin' succotash."
    22. Re:Microsoft Recommends.. by kestasjk · · Score: 2, Interesting
      I doubt anyone is really this stupid, you must be a troll, but what the hell..

      Yes, you absolutely did. There are no exploits running around in the wild affecting Macs. You can't cite a single real-world example. Not a single one.
      "running around in the wild"? An exploit is a piece of code which can be used to exploit a vulnerability. One thing that the rm-my-mac-mini competition showed is that exploits have been written for undisclosed OS X vulnerabilities. If no exploits existed how could OS X's security have been breached, and the Mac Mini's files deleted? Q.E.D.; exploits do exist for OS X.

      Absolutely correct. None of them are being exploited at all.
      As I showed above exploits have been written for OS X. What you are saying is that the only time exploits have ever been used against OS X was in the rm-my-mac-mini competition. The hackers that look for security holes in Apple's software, and don't disclose the holes, never exploit the holes they find; they just do it in case rm-my-mac-mini competitions come up.

      And yet nobody's exploiting it, because OS X's security prevents access. Next.
      What about the Safari vulnerability that allows you to remotely execute code? What about the Webkit vulnerability, or the AirPort vulnerability, or the Windows share vulnerability? OS X seems to allow access more than prevent it.

      Which should tell you just how "urgent" it was to fix something that wasn't really a problem in the first place.
      So holes like anyone being able to get complete access to your machine simply by you connecting to someone wirelessly, or looking at a malicious webpage, or accessing a malicious share or folder, aren't urgent to you? If not then I should say that there's a difference between being secure, and simply not valuing your security.

      Lies, lies, and more lies. 100% false in every way imaginable.
      But I'm citing Apple's own list of patches. Do you believe Apple's security is so flawless that the only explanation for their list of critical security holes is that they're lying?

      Ah, the old "false sense of security" canard, despite the fact THERE IS NOT A SINGLE EXPLOIT RUNNING IN THE WILD THAT IS INTRUDING ON A SINGLE MAC. You can't cite a single one. Go for it.
      See above; rm-my-mac-mini couldn't have happened without an exploit. If you're wondering why I keep referring to rm-my-mac-mini it's because hackers or script kiddies with OS X exploits generally don't make a habit of letting everyone know what they've been up to. rm-my-mac-mini is a source which I can cite which conclusively shows that exploits have been written for OS X vulnerabilities. (PS Writing in caps doesn't make people ignore the fact that your (only) argument has already been addressed)

      The argument you seem to be stumbling towards is "OS X has practically no market share, so no piece of malicious software written for it can be mass distributed effectively, therefore OS X is secure."
      Luckily for you barely anyone owns a Mac. By the same logic I could say "MS-DOS 6.22 is a perfectly secure, robust OS; there's not a single exploit being used against it".


      By the way, have you noticed the recent MySpace worm that's being spread with Quicktime? Quicktime is just about the only piece of Apple software that a large number of people use to process data directly from the web, and sure enough hackers find a way to exploit it.
      --
      // MD_Update(&m,buf,j);
    23. Re:Microsoft Recommends.. by volpe · · Score: 2, Funny

      Why don't just use latex?

      You're confused. Condoms work on an entirely different kind of virus.

    24. Re:Microsoft Recommends.. by lahvak · · Score: 2, Informative

      I don't use a word processor, I use LaTeX, which seems to have much better layout rules than any version of Word I have seen. The document I am working on is around 200 pages. Compiling it (including invoking gnuplot to draw a load of graphs, pulling in a few code files and syntax highlighting them, constructing an index and bibliography, and making sure all cross-references are correct) takes 7 seconds of wall time on my current laptop, and most of that is time spent waiting for I/O.

      Since the original topic of this discussion was security vulnerabilities, let me note this: I hope you realize that in order to run gnuplot, makeindex, bibtex and who knows what else directly from LaTeX, which is what you seem to be doing based on your description (unless you use some sort of makefile based solution), you must most certainly have \write18 enabled on your TeX installation, which is a major security hole. It gives TeX a shell access, and can execute any code embedded in a tex file or hidden in a package or a cls file.

      Don't get me wrong, I love TeX, use TeX for all my document processing needs, and wouldn't touch Word with a 15.5 ft pole, and have \write18 enabled on all my TeX installations, because it just make things so much easier. I just wanted to point out that as far as security goes, maybe we shouldn't be so smug when comparing to Word. Quality of output, sure, easiness and speed of document creation, definitely, in these areas we win without breaking a sweat, but we do have our own security problems.

      By the way, the smalltalk based system you are talking about sure sounds interesting.

      --
      AccountKiller
  2. Looks like a long work day tomorrow by filesiteguy · · Score: 4, Funny

    If I can't even open my friends' documents then what am I - as a manager to do?

    Oh, wait - I don't do anything anyway and my life revolves around Excel.

    Nevermind.

    --
    The Kai's Semi-Updated Website Thingy
    1. Re:Looks like a long work day tomorrow by thrillseeker · · Score: 5, Funny

      By the way, am I alone in thinking that it would be a good idea to have OpenOffice.org re-written in the Java language?

      very alone ...

    2. Re:Looks like a long work day tomorrow by aibrahim · · Score: 3, Funny

      > I have two words for you: As long as you PowerPoint, you're all set.

      >> That's a lot more than two words. Perhaps you should have used the preview button?

      Never attended a presentation ? Thats actually a Powerpoint users notion of two words.

      --

      Don't post innacurate information
      If you do, I swear by my pretty floral bonnet I will end you.
    3. Re:Looks like a long work day tomorrow by gnarvaez · · Score: 2, Informative

      Yes, it would. For the Mac there is Neooffice (neooffice.org). While it is not as fast as using the Microsoft products, it is fast enough and does not seem to crash as often (I hate using word with document that have more than a couple of footnotes, tables, etc. Almost always Office will crash... been through all the checks on fonts, etc. Office is a crappy product. What I would like to see is an update of FrameMaker for the Mac, come on Adobe, you know it is a good product if only you were to maintain it properly and give it a current GUI... or release it to the open software community).

    4. Re:Looks like a long work day tomorrow by Jello+B. · · Score: 5, Funny

      Obviously. This is Slashdot, not IRC.

    5. Re:Looks like a long work day tomorrow by mollymoo · · Score: 5, Funny
      If I can't even open my friends' documents then what am I - as a manager to do?

      I don't know where you got your MBA, but the low-hanging fruit is there to be picked - in simple terms, you need to synergize new communications opportunities by leveraging existing facilities. Incentivize your staff to maximally capitalize on the benefits of an approach which unifies the output of global arboreal facilities, exsting team-member dexterity and some pens.

      --
      Chernobyl 'not a wildlife haven' - BBC News
    6. Re:Looks like a long work day tomorrow by poopie · · Score: 3, Funny

      By the way, am I alone in thinking that it would be a good idea to have OpenOffice.org re-written in the Java language? The Java license is now very appealing.

      Umm... I think some out of work java programmers are with you. Oh, and I think you've got the support of memory chip manufacturers and makers of quad core CPUs.
    7. Re:Looks like a long work day tomorrow by Mr.+McGibby · · Score: 3, Insightful

      When I first read your post, I seriously thought you were joking. Then I realized you weren't. You're crazy. Rewrite an app the size of OO.org (in any language)? Are you serious?

      Then maybe OO.org devs should learn how to write proper C++ code. It doesn't have to be that way. And if you think that CLASS INHERITANCE is the only reason to use C++, then you don't know C++.

      --
      Mad Software: Rantings on Developing So
    8. Re:Looks like a long work day tomorrow by WillAdams · · Score: 2, Informative

      Rather than VI and LaTeX, you may find LyX more comfortable. It's more word-processor-like, but w/ an interesting and innovative concept, it's a ``What You See Is What You Mean'' _Document_ Processor.

      http://www.lyx.org/

      Then, once it's done you can export to LaTeX and hack at things to your heart's content.

      William

      --
      Sphinx of black quartz, judge my vow.
  3. Lets see... by jlarocco · · Score: 4, Funny

    So let me get this straight... For the time being the only safe Word files are new files that other people don't need to open?

    But hey, you saved a ton of money on retraining costs.

    --
    Maybe not
    1. Re:Lets see... by dwater · · Score: 2, Interesting

      Any reference for that? I'd love to be able to quote such to ... well, anyone, really.

      --
      Max.
  4. Now might be a good time to try ... by Anonymous Coward · · Score: 5, Informative

    http://docs.google.com/

    1. Re:Now might be a good time to try ... by Anonymous Coward · · Score: 5, Insightful

      Yes! Great idea! Just trust all of your internal documents to a random third party company with no privacy guarantees. But hey, at least they've made a vague "Do no evil" promise!!1!

    2. Re:Now might be a good time to try ... by pdbaby · · Score: 4, Insightful

      Isn't it more likely the sales patter for Office 2007 will become of course, if you were using our latest version...?
      Not that I'm suggesting Microsoft engineered it, mind... but it might not be as bad for them as seems initially

      --
      Global symbol "$deity" requires explicit package name at line 2. - If only $scripture started "use strict;"
    3. Re:Now might be a good time to try ... by Rick17JJ · · Score: 2, Interesting

      They could also use OpenOffice instead, at least temporarily. There are also other free alternatives such as using Abiword to view Word documents that they receive from customers. Abiword a well known alternative for Linux computers, but I see they also have Windows and Mac versions too. I also see that Word 97 isn't on their list of affected software so perhaps businesses could also consider just use their old copies of Office 97 to view incoming documents for the next few weeks (or did they just neglect to mention any version of Word that old).

      At home, I use OpenOffice running under Ubuntu Linux, so I should still be able to view Word documents safely.

    4. Re:Now might be a good time to try ... by eugene_roux · · Score: 3, Insightful
      Yes! Great idea! Just trust all of your internal documents to a random third party company with no privacy guarantees.

      Yes, your Sarcasm is well placed. Yet another reason not to use Microsoft products!

      But hey, at least they've made a vague "Do no evil" promise!!1!

      Oh, you meant Google, not Microsoft! Ah, well, this -- at least -- is something you'll have to wait for hell to freeze over before you get from Microsoft...

      --
      Part Time Philosopher, Oft Times Romantic, Full Time Unix Geek
    5. Re:Now might be a good time to try ... by Dekortage · · Score: 2, Funny

      I met a college student last year who writes all of her papers in Adobe Photoshop. She just sets up 300dpi pages and types all the text into text boxes. That way she could make pretty photographic backgrounds. And there are NO security issues!

      I didn't realize it then, but she is obviously a genius.

      --
      $nice = $webHosting + $domainNames + $sslCerts
    6. Re:Now might be a good time to try ... by ConceptJunkie · · Score: 2, Funny

      Microsoft has made no promise about not doing evil, and they've shown it on a daily basis for 15 years.

      Of course, I would actually be happier if Microsoft would make a promise to "Do no stupid."

      --
      You are in a maze of twisty little passages, all alike.
  5. what about OO.org? by no+reason+to+be+here · · Score: 4, Insightful

    Could the problem be avoided by opening the any .doc files with OO.org? i'm assuming that the exploit will only work if the file is actually opened with word, so it would stand to reason that opening it with some other application would be safe. can anyone tell me why i'm wrong?

    --
    my pet machine
    1. Re:what about OO.org? by OglinTatas · · Score: 2, Interesting

      You sir, are spot on. Back when macro viruses were rampant, when word 6 would unexpectedly corrupt word documents and make them "unreadable," it was wordperfect to the rescue. The file conversion would strip any macro viruses, and would ignore formatting that it couldn't understand, compromised/corrupted files could be rescued, (and re-saved in word 6 format to begin the process again, because officially we are a microsoft only shop)

      --
      More music, fewer hits
  6. Good Advice by antonyb · · Score: 4, Funny

    Microsoft suggests that users 'not open or save Word files,' even from trusted sources."

    Good general advice, really. They should put that on the Office packaging, like on a packet of cigarettes.

    ant

  7. A Smarter Choice by Anonymous Coward · · Score: 2, Insightful

    Microsoft suggests that users 'not open or save Word files,' even from trusted sources. Unless you're using OpenOffice.
  8. Work-Around = OpenOffice by Tsu+Dho+Nimh · · Score: 4, Informative

    In the meantime, download and use OpenOffice

    1. Re:Work-Around = OpenOffice by rthille · · Score: 3, Insightful

      how about cue the, "you should never run Microsoft software on any platform" comments...

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
  9. Not open or save? by Aardpig · · Score: 3, Funny

    So, Microsoft are basically telling us to stop using Word? Sounds like great advice to me -- cheers, Bill!

    --
    Tubal-Cain smokes the white owl.
  10. zero day by Anonymous Coward · · Score: 2, Interesting

    What the heck does zero-day mean?

    1. Re:zero day by kcbanner · · Score: 3, Informative

      It means an exploit there is no patch for! Its the zeroth day that they know about it :P

      --
      Obligatory blog plug: http://www.caseybanner.ca/
    2. Re:zero day by DebateG · · Score: 4, Informative

      Zero day: At the time the details of the exploit are published (or the patch is released), there already is an active exploit being circulated. I guess if you don't know exactly when the exploit was released it's a technically "less than or equal to zero-day" exploit, but that doesn't sound as sexy.

    3. Re:zero day by LarsG · · Score: 4, Informative

      It means that there is a working exploit out there in the wild, which is using a vulnerability that was previously unknown to the security community / the software maker. That is, there was zero days warning.

      --
      If J.K.R wrote Windows: Puteulanus fenestra mortalis!
    4. Re:zero day by nine-times · · Score: 2, Informative

      A simple search would turn up the answer. It basically means there's no warning, and no time to prepare. The exploit's existence is made public the same day as the flaw's existence.

  11. Re:So many versions, same bug by jibjibjib · · Score: 2, Funny

    Making the Ribbon, and then congratulating themselves on how cool it looks, and then making advertisements with people with dinosaur heads.

  12. Misleading summary by 2cv · · Score: 4, Informative
    The Security Advisory doesn't say not to open any DOC files. It says:
    Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources. This vulnerability could be exploited when a user opens a file.
    I wish sometimes I could mod article summaries...

    2cv
  13. Article Summary is Flamebait by Somegeek · · Score: 2, Informative
    Hey, I like to bash Microsoft as much as the next guy, but there is a pretty bad rewrite going on here.

    Microsoft DOES NOT suggest that

    users 'not open or save Word files,' even from trusted sources."
    as stated in the summary.

    What they do say is :

    Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources.

    That is nothing more than standard precautions that one should take anyway. If you aren't expecting an attachment, don't open it. If you are expecting it, and it is from a trusted source, go ahead.

    Nothing to see here, move along...

    --
    And as you tread the halls of sanity, You feel so glad to be, Unable to go beyond. I have a message, From another time..
    1. Re:Article Summary is Flamebait by Kludge · · Score: 4, Insightful

      That is nothing more than standard precautions that one should take anyway. If you aren't expecting an attachment, don't open it. If you are expecting it, and it is from a trusted source, go ahead.

      Really? I get documents that I'm not expecting all the time. I never have any fears opening Latex documents from anybody. You Microsoft folks sure have funny security.

    2. Re:Article Summary is Flamebait by Perseid · · Score: 5, Funny

      Yeah, they taught me in school that latex was a good way to guard from viruses.

    3. Re:Article Summary is Flamebait by poopdeville · · Score: 2, Informative

      Eh, typesetting unsolicited LaTeX documents is a security risk. TeX is a Turing complete language, and the tex engine has read/write access to the filesystem. It just happens to be an unlikely vector for attack.

      --
      After all, I am strangely colored.
    4. Re:Article Summary is Flamebait by goombah99 · · Score: 3, Funny

      I'm sure there are Latex Trojans too. Used 'em myself.

      --
      Some drink at the fountain of knowledge. Others just gargle.
  14. Comment removed by account_deleted · · Score: 4, Funny

    Comment removed based on user account deletion

  15. Blurb slightly-FUD by Repton · · Score: 3, Informative

    The actual quote from the Microsoft page is:

    Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file.

    If you send an email to Fred saying "Can you send me xxxx", and Fred replies, saying "Here it is", you can probably safely open the attachment. You should just exercise caution when Fred sends you an email out of the blue saying "Hey, read this would you?".

    --
    Repton.
    They say that only an experienced wizard can do the tengu shuffle.
    1. Re:Blurb slightly-FUD by Iriestx · · Score: 2, Insightful
      If you send an email to Fred saying "Can you send me xxxx", and Fred replies, saying "Here it is", you can probably safely open the attachment. You should just exercise caution when Fred sends you an email out of the blue saying "Hey, read this would you?".
      That doesn't keep Fred from sending you a infected file. Fred gets an email of an unsolicited .doc. Fred runs the attachment. Fred infects his word files. You call Fred asking for for a specific file. Fred sends you said file, infected hours ago from his attachment. It's not unsolicited. It's from a trusted source. That doesn't mean it's not infected.
    2. Re:Blurb slightly-FUD by sharkey · · Score: 3, Funny

      But, I send you this file to ask you advice!

      --

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  16. Bah, typical bullshit non-edited craptastic blurb by beavis88 · · Score: 3, Informative

    And typical me not reading TF security advisory before posting. The actual wording from Microsoft is:

    Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.

  17. Re:So many versions, same bug by symbolset · · Score: 2, Funny

    You forgot to mention the Vista sound. The put tons of effort into that.

    --
    Help stamp out iliturcy.
  18. Obvious Response by cheese-cube · · Score: 4, Insightful

    And thus begins the torrent of Microsoft mocking posts. Get your mod-points out and set them to +5 Funny because the laughs are only just beginning. *sigh*

  19. Microsoft Marketing... by SirKron · · Score: 3, Funny

    This is a new spin to upgrade to their new Office 2007 product line.

  20. Problems with reportage? by symbolset · · Score: 2, Interesting
    EWeek is pretty good about reportage and editing. If their article says (and it does):
    There are no pre-patch workarounds available. Microsoft suggests that users "not open or save Word files," even from trusted sources.
    Then I believe they got that answer when they asked. Perhaps their phone reps are more forthright than their website. Imagine that.

    Not opening Word files seems like a good idea. Microsoft IP's in them, and that's icky.

    --
    Help stamp out iliturcy.
    1. Re:Problems with reportage? by bunions · · Score: 2, Informative

      sure. and the EWeek article says

      > Microsoft suggests that users "not open or save Word files," even from trusted sources.

      I'm sure you see how these are, in fact, different statements.

      --
      there is no need to sign your posts. this isn't usenet. your username is right there above your post. stop it.
  21. Oh, great! by Marsala · · Score: 5, Funny

    Yet ANOTHER feature Word has that OpenOffice doesn't. :(

  22. Spam/Virus firewalls by Twillerror · · Score: 2, Interesting

    I'm not to worried about this because most users are aware of attachment exploits like this.

    I'm sure the major spam firewalls will also have signatures in a relatively short period of time. If my email spam/virus firewall will stop this I'm fine.

    For the home user it is a bit more of an issue. At the same time most people use Yahoo, MSN, Google or some other account that has active scanner that I'm sure will be able to block these in the short run...if not by analyzing the file by analyzing the subject line. Heck, chances are it'll look like spam to my firewall won't let it thru to begin with.

    I do wish MS would put out the technical details of this exploit. It sounds like some sort of a buffer overflow. Something tells me it is a graphic insert of some sort, but who knows.

  23. Re:Just to be safe.. by assassinator42 · · Score: 3, Funny

    Good thing I connect via WiFi.

  24. Re:Zero-day? by Tharkban · · Score: 2, Informative

    I thought Zero-day refered to the first day that a vulnerability is publicly available. Start counting up from there. I've seen it used in every possible way though. Sometimes I gather people are refering to the day the patch was issued. Wikipedia doesn't really clear it up http://en.wikipedia.org/wiki/Zero_day

    --
    Tharkban (It is a signature after all)
  25. This aughta make FINALS more interesting... by surfcow · · Score: 5, Funny

    Dear Professor,

    My final project for the semester is attached as a Word document. If you have any problems reading it, please let me know. Me and everyone else in your address book.

    Don't have to worry about grading it. By the time you read this, I will have used the root-kit to grade it myself.

    Nice porn, by the way! You dog! We'll make this our little secret.

    love,
    toodles

    1. Re:This aughta make FINALS more interesting... by Anonymous Coward · · Score: 2, Funny

      Dear Professor,

      My final project for the semester is attached as a Word document. If you have any problems reading it, please let me know. Me and everyone else in your address book.


      Dear surfcow,

      The syllabus clearly states that all electronically submitted assignments should be presented in PDF or other non-proprietry formats. Please resubmit your assignment.

      Love,
      Your physics professor
  26. Re:Bah, typical bullshit non-edited craptastic blu by munrom · · Score: 5, Funny

    Ah, license to ignore any unexpected memos for the next couple of days, excellent

  27. I advise the same thing by erroneus · · Score: 2, Funny

    Except that I have been saying that for years. MS Doc format is an untrustworthy format. It has been known to carry unexpected payloads in the past and there are alternatives which are known to be safer yielding similar if not identical results for most people. (And if someone thinks they actually NEED to have VBA in a word document, I'd have to suggest there's probably a better way to program your way out of the situation you find yourself in. I just haven't been able to think of a good reason to have programming code in a Word document and I haven't seen a good example either. Can anyone offer a reason good enough?

    ODT works well... hell, for that matter RTF works well enough for most people.

  28. Fair is fair... by zappepcs · · Score: 2, Interesting

    At least there was a warning rather than 43 unannounced patches next Tuesday, I'll say that much for them. Its a shame that there is no patch yet though. Without saying how detrimental this will be for MS, I'm thinking that now I can't tell people that OOo is just like MS Office but free... now I have to tell them that its probably safer too. Ugggh, the people that want OOo and F/OSS software to be as good as MS Office and OS products really bug me, and this story is exactly why.

    Ya, sure, MS is the biggest target, so gets more hacker attention. Just the same, being king of the hill is not easy, and F/OSS software makers should do their best to simply keep doing things well, rather than doing them 'just like MS does' as its not working out so good for Redmond today.

    Do everything that 80+% of users want, do it very well, and let the Excel gurus and desktop publishing companies do the things for those other 12% or so. That's the biggest bang for buck right there. That 12% might be the biggest spenders, but they also don't care about the cost, or don't want to retrain or convert etc. ad nauseum.

    --
    Support NYCountryLawyer RIAA vs People
  29. Exercise caution... by flyingfsck · · Score: 5, Funny

    How is one supposed to exercise caution when opening a Word document? Do click on it slowly and deliberately, or do you click it carefully after giving the PC a pat on the head...

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  30. Error in article and MS link by MrLint · · Score: 2, Informative

    Office for MacOS X has 2 versions: v.X (10.x) and 2004 (11.x)

    There is no 'Microsoft Word 2004 v. X for Mac'

  31. Re:I recommend... by Anpheus · · Score: 2, Funny

    I've noticed both Notepad and Wordpad are not vulnerable.

    I'll just stick with these inferior applications while boasting a smug sense of superiority.

    Ha-HA!

  32. we're all going to die.... by cheeseboy001 · · Score: 5, Funny

    Did anyone else read that as "Microsoft Ossues Zero-Day Attack Alert For World"?

  33. The problem is... by dfm3 · · Score: 2, Insightful

    ...that so many people have a bad habit of composing even a simple text message in Word, then emailing it out as an attachment. We have a number of people who do this at work, despite being repeatedly reminded that they can simply write their message within their email program. It's aggravating to receive an email that simply reads "see attached", then to actually read the 3-sentence message one has to save the .doc file to their computer, fire up word, and open the file, potentially exposing themselves to whatever the newest exploit is.

  34. Sure... by Shawn+is+an+Asshole · · Score: 2, Funny

    That's why the Windows XP Security Guide is distributed a .doc...

    --
    "It ain't a war against drugs.it's a war against personal freedom" --Bill Hicks
  35. But the POINT is they WON'T stop it. by Ungrounded+Lightning · · Score: 2, Insightful

    I'm sure the major spam firewalls will also have signatures in a relatively short period of time. If my email spam/virus firewall will stop this I'm fine.

    And what do you do about the exploits already mailed to you, before the firewall suppliers figure out signatures and put them in place?

    And if they don't successfully design signatures to catch ALL exploits of the flaw, what do you do about later stuff that exploits the flaw differently, and arrives in the window before signatures for THAT exploit are developed.

    And so on.

    Reactive anti-malware firewalls and filters will always have vulnerability windows between exploit and update and will usually have multiple windows per vulnerability - because updates are triggered by exploits and signatures tend to be tuned to exploits rather than flaws.

    Flaw-fixing has a window of vulnerability too, but only one (if it's done correctly).

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  36. FUD police by symbolset · · Score: 2, Insightful

    The quote in the summary was from TFA and was correct.

    Your guidance is wrong. "Probably" means more likely than not. According to Microsoft's own statistics Fred's XP workstation is "probably" a rooted, keylogging spambot zombie. His files safe? Get real.

    On the other hand, your machine is "probably" exploited already too, so why not just give up? Everyone else has. It's not like anybody wants to read your boring data anyway, right? Besides, what are we to do? If we can't use Office, we might as well give up and go home. We can just keep clicking away those popups until the machine slows down so much it won't function at all and then Ted from IT will fix it. You didn't really like google anyway -- that targeted search assistant is so much better at finding just the right thing. It's like it knows you.

    Never mind.

    --
    Help stamp out iliturcy.
  37. Next piece of helpful advice by DigitAl56K · · Score: 2, Funny

    "Do not start Windows, even when using trusted computing"

    I like Notepad better anyway.

  38. Think before you post by l2718 · · Score: 2, Informative

    What GP was mad about is not that user processes can have bugs, but that user processes could be in a position to threaten the stability of the operating system. He's wrong about the nature of the threat we're talking about here, but that's a separate point.

  39. Re:Tell me about it... by jibjibjib · · Score: 2, Funny
    It's a pain to just write a simple letter.

    Would you like some help?

  40. Re:SLASH! KNOCK OFF THE FUD SUBMISSIONS! by AlXtreme · · Score: 2, Interesting
    JESUS H. CHRIST jumping a barbed wire fence, Slash editors. Who's letting these submissions across the wire? While slash is not a world-class journal or trade rag, it ought tot
    Welcome, you must be new here!

    They actually did say that, but you could claim the slashdot post was misquoted: "Recommendation: Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources. This vulnerability could be exploited when a user opens a file."

    I know this is slashdot, but RTFA.
    --
    This sig is intentionally left blank
  41. If you stick with something long enough, by rssrss · · Score: 3, Funny

    you will be vindicated. I have stuck with Office 97, because I have never thought that any of the "improvements" that M$ has made in newer versions of Office were worth the price of a new program. It is now too old to be affected by the latest virus. Lord, this is sweet.

    --
    In the land of the blind, the one-eyed man is king.
  42. Re:can you not grasp the headline? by glesga_kiss · · Score: 2, Insightful
    ya, it is much better to trust your most secret internal documents to random third party "businessmen" over in whoknowswhereistan after you got *owned*

    No it isn't. How old are you? Have you ever worked in anything other than McDonalds? Company Confidentiality is essential for running a business. It's also a legal requirement in the case of HR records. Uploading particualar records to Google would breach numerous laws and could get you closed down.

    Legal issues aside, it's well known that Google do analysis of their data. Do you really want a bot crawling over your companies secrets? What if your business is something that overlaps with one of Google's products?

    Do Google provide an SLA? Do you even know what an SLA is? What if the site's down, do you just send everyone home for the day? What's their privacy policy? Data safeguards? Encryption? Backups? Version control?

    The rest of your post is equally nonsensical. What does the warranty provided with Microsoft Word have to do with corporate mismanagement and it's possible effects on the western economy? Next you'll be telling me it was Microsoft that invaded Poland.

  43. Re:Latex? by RemovableBait · · Score: 2, Informative

    If you're on the Mac too, then TeXShop is a pretty decent GUI for LaTeX documents. It's universal, open-source (GPL), and ties in with MacTeX and Aqua.

  44. Message to customers: by Futurepower(R) · · Score: 2, Informative

    Here is a message we sent to customers. Links were added for posting on Slashdot:

    Everyone,

    Don't use Microsoft Word. Use Open Office instead. This advice remains effective until Microsoft releases a patch, and it is installed.

    Microsoft just issued a security advisory warning people not to open Microsoft Word documents unless they have the latest version of Microsoft Word, which was just released, and costs $329 for the upgrade, or $679 for the most powerful full version.

    On the security advisory web page the relevant parts are buried in sections that aren't visible unless you click on them:

    "Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file."

    "We recommend that customers exercise extreme caution when they accept file transfers [files] from both known and unknown sources."

    The vulnerability is being actively used to infect user's computers. That's the meaning of the phrase "zero-day" attack in the first sentence of the advisory. None of the anti-virus software vendors have made signatures for this attack yet, which means that anti-virus software CANNOT protect against an attack.

    The reason Microsoft says to "exercise extreme caution" with files received "from both known and unknown sources", is that no one, not even computer consultants, can know whether a source can be trusted, since the anti-virus vendors have not yet made a method of detection for this vulnerability.

    Michael

  45. Re:ITS A TRAP! by johnw · · Score: 4, Funny
    Hey, our current products are insecure! So buy our latest one! It's better!

    Good marketing plan there.

    It's always worked in the past. Why change a winning formula?
  46. Use OO to "defang"? by Kadin2048 · · Score: 2, Interesting

    I initially thought about using OpenOffice; I think it's probably the best solution overall, since it's free and you can get it right now. But let's say you absolutely need to work in Word -- how can you make sure that a document is safe?

    If you opened a document in OO, and then saved it, would the resulting document be guaranteed to be clean? What if you saved it as an RTF and then opened that back up in Word? That would probably lose a lot of people's fancy formatting, but it would preserve most of the content and markup. I suppose the most paranoid thing to do would be to save all documents out to ASCII and then open them up in Word, but at that point you've negated any reason to use Word in the first place.

    If OO tries to open a file, and it has a maliciously-crafted (which to OO, I assume, would appear corrupt) binary object in it, will OO refuse to open the file / remove the corrupt object? Or will it just ignore it and continue on its way?

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  47. Re:No different than trusting a closed source vend by somersault · · Score: 2, Funny

    Maybe the method Word uses to render itself - when used on a certain font with the right combination of letters - infects your brain somehow. I guess it's working on the same principal as flash ads.

    --
    which is totally what she said
  48. This is bad enough... by ThinkFr33ly · · Score: 2, Informative
    ... without spreading FUD along with it. Microsoft did *not* say you shouldn't open documents "even from trusted sources". They said:

    Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file.
  49. Its a good thing by Darkman,+Walkin+Dude · · Score: 3, Funny

    Microsoft is just taking the paperless office to the next level - the documentless office.

    --
    What he can't kill, he has sex on. Trent.
  50. OK, I can't be the only one to expect this... by Miss+Spider · · Score: 2, Funny

    From:
    To: All_Employees
    Subject: Corporate Security Alert
    Significance: High

    Microsoft has announced a security alert pertaining to MSWord - probably all versions. Microsoft recommends not opening any MSWord documents from anyone, until further notice. Please see attached for details.

    Thank you,
    IT Department

    [attachment - MSSecurityAlertDetails.doc - 1,253KB]