Microsoft Issues Zero-Day Attack Alert For Word

← Back to Stories (view on slashdot.org)

Microsoft Issues Zero-Day Attack Alert For Word

Posted by kdawson on Tuesday December 5, 2006 @02:51PM from the incoming dept.

0xbl00d writes "Eweek.com is reporting a new Microsoft Word zero-day attack underway. Microsoft issued a security advisory to acknowledge the unpatched flaw, which affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. Simply opening a word document will launch the exploit. There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."

17 of 483 comments (clear)

Microsoft Recommends.. by sylvainsf · 2006-12-05 14:53 · Score: 5, Funny

That the business world just stop for a few minutes(days, weeks) while they fix this.
1. Re:Microsoft Recommends.. by Anonymous Coward · 2006-12-05 15:03 · Score: 5, Funny
  
  I wish Microsoft were a person. Then I could go up and kick that person in the nuts.
2. Re:Microsoft Recommends.. by JoGlo · 2006-12-05 15:56 · Score: 5, Funny
  
  Oooooh! She wouldn't like that!
  
  --
  Will those of you who think that you know what you are doing, get out of the way of those of us who know what we are doi
3. Re:Microsoft Recommends.. by Firehed · 2006-12-05 16:21 · Score: 5, Insightful
  
  As will OpenOffice.org on all platforms. That's not the point - how on earth can someone code so sloppily that a WORD PROCESSOR has a serious security exploit?! And more importantly, what feature in aforementioned WORD PROCESSOR requires *anything* that could pose a security issue?
  
  Maybe the notion of writing all my papers in HTML wasn't so insane after all... no more of these archaic "pages", and it would certainly be a more reliable way of turning in assignments than e-mail attachments. Take care of a formatting stylesheet once, and from there on it's just using the <p> tag to full appropriateness.
  
  --
  How are sites slashdotted when nobody reads TFAs?
4. Re:Microsoft Recommends.. by ergo98 · 2006-12-05 16:36 · Score: 5, Insightful
  
  The Slashdot summary is deceptive (probably deliberately).
  
  It's probably closer to the mark than "receive unexpectedly". If someone in a corporation became infected, and they infect documents on a shared network location -- game over. Other users don't have to "receive" it via a classic-email virus, but rather they just have to go about their daily business. You touched on this yourself, and it is why this does basically mean "there be dragons" for all word files in corporations.
  It can't be triggered automatically, and limited accounts (like every Vista system) will be largely unaffected.
  
  Phew! Now that we know that the burgeoning community of Vista users will be "largely unaffected", we're safe! That comprises the set that downloaded and installed the RTM from MSDN, so at a minimum, around an installed base comparable to QNX.
  
  In any case, "largely unaffected" is more deceptive than the Slashdot summary (which came right from Cnet) -- the risk of compromises nowadays are seldom that they'll reconfigure your drivers or repartition your drive, thus requiring admin rights (when was the last time a virus was actually maliciously destructive in such a manner?), but rather that they'll compromise data integrity/security. If Bob is a normal user, but he's in HR and thus has rights to HR information, then so does an exploit running as Bob the unprivileged numbers-monkey.
5. Re:Microsoft Recommends.. by mikael · 2006-12-05 16:44 · Score: 5, Informative
  
  how on earth can someone code so sloppily that a WORD PROCESSOR has a serious security exploit?!
  
  The usual reason - a local buffer created from the stack set to a fixed size. ie.
  
  char cbuf[MAX_BUFFER];
  
  I would guess that the Microsoft Word document file will be arranged using a chunk data format:
  file header followed by object headers with type, version, length, followed by binary data for that object
  In this way, unknown chunks can just be skipped over.
  
  It would be no surprise that each programmer coding a particular object (formula, table) would assume that only
  they would be theonly one writing read/write routines for their particular object, and choose to use a local stack
  buffer to store the raw binary data, before converting it to the internal data structure.
  
  When reading the document, they would just read the header as normal (type,version,length), then read the specified
  amount of object data without checking the validity of the length.
  
  And it only takes one programmer to make this mistake in order to create a security vulnerability that compromises
  the entire application. Get the right type of data in the Word document, and you could theoretically load and execute
  some executable code stored the file.
  
  --
  Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Now might be a good time to try ... by Anonymous Coward · 2006-12-05 14:58 · Score: 5, Informative

http://docs.google.com/
1. Re:Now might be a good time to try ... by Anonymous Coward · 2006-12-05 15:07 · Score: 5, Insightful
  
  Yes! Great idea! Just trust all of your internal documents to a random third party company with no privacy guarantees. But hey, at least they've made a vague "Do no evil" promise!!1!
Re:Looks like a long work day tomorrow by thrillseeker · 2006-12-05 15:06 · Score: 5, Funny

By the way, am I alone in thinking that it would be a good idea to have OpenOffice.org re-written in the Java language?

very alone ...
Oh, great! by Marsala · 2006-12-05 15:23 · Score: 5, Funny

Yet ANOTHER feature Word has that OpenOffice doesn't. :(
Re:Article Summary is Flamebait by Perseid · 2006-12-05 15:25 · Score: 5, Funny

Yeah, they taught me in school that latex was a good way to guard from viruses.
This aughta make FINALS more interesting... by surfcow · 2006-12-05 15:42 · Score: 5, Funny

Dear Professor,

My final project for the semester is attached as a Word document. If you have any problems reading it, please let me know. Me and everyone else in your address book.

Don't have to worry about grading it. By the time you read this, I will have used the root-kit to grade it myself.

Nice porn, by the way! You dog! We'll make this our little secret.

love,
toodles
Re:Bah, typical bullshit non-edited craptastic blu by munrom · 2006-12-05 15:45 · Score: 5, Funny

Ah, license to ignore any unexpected memos for the next couple of days, excellent
Exercise caution... by flyingfsck · 2006-12-05 15:50 · Score: 5, Funny

How is one supposed to exercise caution when opening a Word document? Do click on it slowly and deliberately, or do you click it carefully after giving the PC a pat on the head...

--
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Re:Looks like a long work day tomorrow by Jello+B. · 2006-12-05 16:09 · Score: 5, Funny

Obviously. This is Slashdot, not IRC.
we're all going to die.... by cheeseboy001 · 2006-12-05 16:21 · Score: 5, Funny

Did anyone else read that as "Microsoft Ossues Zero-Day Attack Alert For World"?
Re:Looks like a long work day tomorrow by mollymoo · 2006-12-05 16:58 · Score: 5, Funny

If I can't even open my friends' documents then what am I - as a manager to do?

I don't know where you got your MBA, but the low-hanging fruit is there to be picked - in simple terms, you need to synergize new communications opportunities by leveraging existing facilities. Incentivize your staff to maximally capitalize on the benefits of an approach which unifies the output of global arboreal facilities, exsting team-member dexterity and some pens.

--
Chernobyl 'not a wildlife haven' - BBC News