MS Office Zero-Day Under Attack
paulBarbs writes "Microsoft is warning users to be on the lookout for suspicious Excel files that arrive unexpectedly — even if they come from a co-worker's e-mail address. In an advisory, Microsoft confirmed a new wave of limited "zero-day" attacks was underway, using a code execution flaw in its Microsoft Office desktop productivity suite. Although .xls files are currently being used to launch the spear phishing attacks, Microsoft said users of other Office applications (Word, PowerPoint, Outlook, Access, etc.) are potentially at risk."
I would have thought that businesses would be the first to learn. They are the ones who tend to be the most affected by situations like this, especially when hundreds or thousands of Windows-based computers on their internal networks become compromised. It costs them a lot of money to clean up those systems.
At my place of employment (100% MS shop) they have had too many of these kinds of problems. As a solution, all attachments are filtered and removed. If it was an attachment we were expecting, then we could apply to receive the attachment unless it is an executable. To send an executable file (including MS documents) we are advised to send them as encrypted zip files.
I don't expect this exploit of the week to be much of an issue for us Monday morning except for a couple road warriors who may have gotten it from home.
The truth shall set you free!
You can also avoid the attack by setting %TEMP% to no execute permissions. Interesting that they don't say that.
My Word 2007 allows me to save in the new Word format, Word 1997 - 2003 (which allows reading things TEN years older, not 3 as you have said), PDF, XPS (which I don't know why I'd use), .txt, RTF, HTML, and a few others.
Why spread this FUD?
Hate Microsoft because of legitimate reasons (like anti-trust), NOT for reasons made up, like a little girl.