Slashdot Mirror


MS Office Zero-Day Under Attack

paulBarbs writes "Microsoft is warning users to be on the lookout for suspicious Excel files that arrive unexpectedly — even if they come from a co-worker's e-mail address. In an advisory, Microsoft confirmed a new wave of limited "zero-day" attacks was underway, using a code execution flaw in its Microsoft Office desktop productivity suite. Although .xls files are currently being used to launch the spear phishing attacks, Microsoft said users of other Office applications (Word, PowerPoint, Outlook, Access, etc.) are potentially at risk."

9 of 172 comments

  1. Gates asked for it... by bigredgiant1 · · Score: 2, Interesting

    Maybe this is related to Bill Gates' recent comments, saying he dares someone to do to Microsoft what has recently happened with OS X and zero-days. Careful what you wish for. http://apple.slashdot.org/article.pl?sid=07/02/02/1940232

    --
    Vic
  2. Just wondering if this IS MS marketing? by zappepcs · · Score: 3, Interesting

    Lately we've seen memos and emails suggesting just how far MS is willing to go, perhaps in the future we'll see emails or memos describing how malicious software was released into the wild to help people decide to buy the new 2007 applications to go with their new Vista PCs?

  3. Glad I switched by AlphaLop · · Score: 3, Interesting

    I am so glad I switched to OpenOffice. Now whenever one of these things happens I send the article to my friends along with a link for OpenOffice.

    --
    It's only paranoia if you're wrong...
  4. Re:It's past time for a better approach by HomelessInLaJolla · · Score: 3, Interesting

    > So, my question is, who's doing it right and how ?

    Code has become so enormous that the answer is, more than likely, nobody.

    I'm still puzzled. Spreadsheet programs, word processors, database programs, etc. etc. etc. all fit on one, maybe two, floppy disks at one time. If anyone wonders how to write secure code the largest starting point is: cut out the advertising glitz and cruft.

    But then the rest of the population would happily go back to sticky notes, $2.99 calculators, pencils, the telephone, US Mail, and the kitchen table (for solitaire) and that wouldn't be profitable for the market sector. So, love it or hate it, just view the security industry not as a problem to be solved but as a tiger to be fed and groomed.

    --
    the NPG electrode was replaced with carbon blac
  5. Mac vulnerable? by Angostura · · Score: 2, Interesting

    That's odd - the advisory suggests that Mac Office v.x and 2004 are vulnerable, but that certainly doesn't chime with the mechanism quoted. What's going on here?

  6. Re:If only 50% of the population used MS Office by cnettel · · Score: 3, Interesting

    Yeah, cause we know that pyramid schemes and MLM require each and every recipient to join the game. If only 50 % of the population used Office, but each infected machine sent out two copies (and each was opened), we would have a steady state of fresh infections. Logic like yours might have worked when the primary vector was the actual work documents, or floppy disks. With mass mailings, even a very small fraction could ensure a significant outreach. The question is simply if the explosive phase will be delayed enough to put extra countermeasures into place.

  7. It's not funny, why laugh? by suv4x4 · · Score: 4, Interesting

    I fail to see why posts talking about vulnerabilities in widely used software are tagged "haha". Is it really so funny?

    The zombies that will result from those attacks will send spam even to your tricked out Linux PC. You're laughing at your own expense. Have fun.

  8. Re: eComStation and OpenOffice.org by user_ecs · · Score: 1, Interesting

    eComStation and OpenOffice.org is the cure I use.

    eComStation is more stable than Windows but a lot easier than Linux.

    For Christmas I bought a system from CSS.
    http://www.curtissystemssoftware.com/preloads.htm

    It came preloaded with OpenOffice.org. Has quality hardware (instead of the Dell's lowest bidder components). Even had ECC memory.

    Even without anti-virus software it is immune to all this crap. I also don't have to worry about the vendor shutting down my OS or apps remotely in the future.

  9. Re: eComStation and OpenOffice.org by Planesdragon · · Score: 4, Interesting

    > I also don't have to worry about the vendor shutting down my OS or apps remotely in the future.

    Hi. I'm a PC user, with an HP laptop, and Office 2007. Not too long ago I had Vista Beta on this thing. And you know what? I don't have to worry about the vendor shutting me down ever. You know why? Because I live in a country that follows the rule of law, and can prove in a court that I purchased these things legally.

    Part of me wishes they'd try -- it's amazing how good the upgrade from "punitive damages" would be.