MS Office Zero-Day Under Attack

← Back to Stories (view on slashdot.org)

MS Office Zero-Day Under Attack

Posted by Zonk on Sunday February 4, 2007 @10:52AM from the you-know-they've-released-new-software-when dept.

paulBarbs writes "Microsoft is warning users to be on the lookout for suspicious Excel files that arrive unexpectedly — even if they come from a co-worker's e-mail address. In an advisory, Microsoft confirmed a new wave of limited "zero-day" attacks was underway, using a code execution flaw in its Microsoft Office desktop productivity suite. Although .xls files are currently being used to launch the spear phishing attacks, Microsoft said users of other Office applications (Word, PowerPoint, Outlook, Access, etc.) are potentially at risk."

39 of 172 comments (clear)

How old are you? by HomelessInLaJolla · 2007-02-04 10:56 · Score: 5, Funny

Dear Exploit,

How old are you? How long have you been available in the wild? How long did your brother exist in SP1 before you came along in SP2? Do you have a cousin which works in Win98/SE? How long have corporate managers been using you to spy on their employees?

Signed,

Secret Admirer

--
the NPG electrode was replaced with carbon blac
When will people and businesses learn?! by Anonymous Coward · 2007-02-04 10:56 · Score: 2, Insightful

How many more exploits will we need to encounter with Microsoft products before people realize that it's just not worth it to use such flawed software?

I would have thought that businesses would be the first to learn. They are the ones who tend to be the most affected by situations like this, especially when hundreds or thousands of Windows-based computers on their internal networks become compromised. It costs them a lot of money to clean up those systems.

Of course, such expenditure could have been prevented in the first place were they using suitable office software. And that doesn't mean OpenOffice.org on Linux. There are many other alternatives, especially when using Mac OS X. Those alternatives can often exceed Microsoft's products in terms of quality, usability, features and security.
1. Re:When will people and businesses learn?! by Anonymous Coward · 2007-02-04 11:20 · Score: 2, Funny
  
  Well, in Microsoft's defense, the next version of Windows is going to be even more secure! Stick with us, because we care, damn it! Honest! I swear!
  
  . .. and if anyone disagrees, I will throw a chair at them to prove just how much we care!
  
  Signed,
  
  Ballmer
2. Re:When will people and businesses learn?! by Technician · 2007-02-04 11:45 · Score: 3, Informative
  
  I would have thought that businesses would be the first to learn. They are the ones who tend to be the most affected by situations like this, especially when hundreds or thousands of Windows-based computers on their internal networks become compromised. It costs them a lot of money to clean up those systems.
  
  At my place of employment (100% MS shop) they have had too many of these kinds of problems. As a solution, all attachments are filtered and removed. It it was an attachment we were expecting, then we could apply to recieve the attachment unless it is an executable. To send an executable file (including MS documents) we are advised to send them as encrypted zip files.
  
  I don't expect this exploit of the week to be much of an issue for us Monday morning except for a couple road warriers who may have gotten it from home.
  
  --
  The truth shall set you free!
3. Re:When will people and businesses learn?! by Jessta · 2007-02-04 12:49 · Score: 3, Insightful
  
  You obviously aren't paying attention.
  There have been many security flaws reported for OpenOffice.
  
  The problem is not Microsoft specific. It's a problem with overly complex software. Word processors are overly complex which means that there is a lot of code that can contain errors. Most users don't use the full functionality of the software and therefore don't require it to be so complex.
  
  One of the great advantages of gentoo(and other source based package management) is that you can leave out functionality in a program that you're not going to use. This means less code that can be exploited.
  
  --
  ...and that is all I have to say about that.
  http://jessta.id.au
4. Re:When will people and businesses learn?! by LeDopore · 2007-02-04 14:51 · Score: 3, Insightful
  
  Serious question: "How many gentoo users actually DO hand pick the features they compile?" My guess is that:
  
  1 It might be hard to know what you can safely leave out of a compile and not break anything
  2 It's difficult to foresee every function you are going to want in a program at compile-time, even if you're familiar with it
  3 There are so many programs on a typical Linux box that to hand-choose modules for them all would take ages.
  
  I guess in some environments (like cash register systems) you're doing only one thing and you want many identical machines, so it's possible to trim a bit more. However, for my desktop needs, selecting exactly the features I want wouldn't work for the above 3 reasons.
  
  --
  Expected time to finish is 1 hour and 60 minutes.
5. Re:When will people and businesses learn?! by Beer_Smurf · 2007-02-04 17:42 · Score: 3, Funny
  
  We use a system that is so hosed that we smash every computer with a hammer before it comes in the door.
  Great.
what? by macadamia_harold · 2007-02-04 10:58 · Score: 5, Funny

MS Office Zero-Day Under Attack

*rereads headline* what?

--
Push Button, Receive Bacon
1. Re:what? by JoshJ · 2007-02-04 11:00 · Score: 3, Funny
  
  It's simple. Microsoft's "Zero-Day" product has been under attack by Offices. Probably for being so full of zeros. They need to fill in more of the 0's with 1's.
  
  --
  Care about privacy? Read this!
I open Excel files 1 day after I receive them by product+byproduct · 2007-02-04 11:02 · Score: 5, Funny

to protect myself against 0-day attacks.
Does not affect Office 2007 by ThinkFr33ly · 2007-02-04 11:04 · Score: 4, Insightful

The fact that this does not affect Office 2007 suggests that Microsoft is learning from their mistakes.

This is further supported by other software they have released that went throught their "secure development lifecycle" initiative, including IIS 6.0, IIS 7.0, Windows Vista, Windows Server 2003, etc.

Of course, IIS 7 and Vista have only been out there for a few months now... so, obviously, the jury is still out on them.
Bill was RIGHT. by Anonymous Coward · 2007-02-04 11:07 · Score: 2, Funny

The other day, Bill Gates suggested to Newsweek the the Mac is super-insecure due to lack of code base drama within Mac OS X:
The number [of Vista security flaws] will be way less because we've done some dramatic things in the code base. Apple hasn't done any of those things. He was so right. It is time for Mac users to upgrade to Vista, after all, TFA says:
Confirmed vulnerable: [...]Office 2004 v. X for Mac. There you have it fanboyz... CMD-. your life away! Vista all the way baby!
Re:because it's not that easy by grcumb · 2007-02-04 11:18 · Score: 2, Insightful

businesses need to be able to share documents with their business partners and clients, thusly, they must support the same file formats as their business partners and clients.
The moral of the story is: If everyone else jumped off a cliff, why yes, we would jump too.

It's an unfortunate but inescapable aspect of human societies that we value conformity above our individual safety.

--
Crumb's Corollary: Never bring a knife to a bun fight.
Gates asked for it... by bigredgiant1 · 2007-02-04 11:18 · Score: 2, Interesting

Maybe this is related to Bill Gates' recent comments, saying he dares someone to do to Microsoft what has recently happened with OS X and zero-days. Careful what you wish for. http://apple.slashdot.org/article.pl?sid=07/02/02/ 1940232

--
Vic
Just wondering if this IS MS marketing? by zappepcs · 2007-02-04 11:23 · Score: 3, Interesting

Lately we've seen memos and emails suggesting just how far MS is willing to go, perhaps in the future we'll see emails or memos describing how malicious software was released into the wild to help people decide to buy the new 2007 applications to go with their new Vista PCs?

--
Support NYCountryLawyer RIAA vs People
Re:because it's not that easy by Anonymous Coward · 2007-02-04 11:26 · Score: 3, Insightful

It's an unfortunate but inescapable aspect of human societies that we value conformity above our individual safety. you missed the moral, friend. The moral is that we value our ability to conduct business above our individual safety.
Glad I switched by AlphaLop · 2007-02-04 11:30 · Score: 3, Interesting

I am so glad I switched to open office. Now whenever one of these things happens I send the article to my friends along with a link for OpenOffice

--
It's only paranoia if your wrong...
1. Re:Glad I switched by mccalli · 2007-02-04 12:08 · Score: 4, Funny
  
  I am so glad I switched to open office. Now whenever one of these things happens I send the article to my friends along with a link for OpenOffice
  
  Do you send links to any of these OpenOffice vulnerabilities as well?
  
  Cheers,
  Ian
Re:It's past time for a better approach by HomelessInLaJolla · 2007-02-04 11:31 · Score: 3, Interesting

> So, my question is, who's doing it right and how ?

Code has become so enormous that the answer is, more than likely, nobody.

I'm still puzzled. Spreadsheet programs, word processors, database programs, etc. etc. etc. all fit on one, maybe two, floppy disks at one time. If anyone wonders how to write secure code the largest starting point is: cut out the advertising glitz and cruft.

But then the rest of the population would happily go back to sticky notes, $2.99 calculators, pencils, the telephone, US Mail, and the kitchen table (for solitaire) and that wouldn't be profitable for the market sector. So, love it or hate it, just view the security industry not as a problem to be solved but as a tiger to be fed and groomed.

--
the NPG electrode was replaced with carbon blac
Um... That's why standards exist by Colin+Smith · 2007-02-04 11:48 · Score: 4, Informative

businesses need to be able to share documents with their business partners and clients, thusly, they must support the same file formats as their business partners and clients. That simply means you need standardised file formats, you don't need the same software.

--
Deleted
Mac vulnerable? by Angostura · 2007-02-04 11:53 · Score: 2, Interesting

That's odd - the advisory suggests that Mac Office v.x and 2004 are vulnerable, but that certainly doesn't chime with the mechanism quoted. What's going on here?
Nevermind that... by Sodki · 2007-02-04 11:56 · Score: 2, Funny

... look how pretty Ribbon is!
Re:If only 50% of the population used MS Office by cnettel · 2007-02-04 12:01 · Score: 3, Interesting

Yeah, cause we know that pyramid schemes and MLM require each and every recipient to join the game. If only 50 % of the population used Office, but each infected machine sent out two copies (and each was opened), we would have a steady state of fresh infections. Logic like yours might have worked when the primary vector was the actual work documents, or floppy disks. With mass mailings, even a very small fraction could ensure a significant outreach. The question is simply if the explosive phase will be delayed enough to put extra countermeasures into place.
Re:Do we know this for sure? by DelawareBoy · 2007-02-04 12:08 · Score: 4, Insightful

If you follow that logic, anything not open source is open to that vulnerability, Microsoft or not...

However, if you actually try the code which does impact Office 2003 and earlier additions, it does NOT work. Makes me glad I got my free copy of Office 2007.
It's not funny, why laugh? by suv4x4 · 2007-02-04 12:08 · Score: 4, Interesting

I fail to see why posts talking about vulnerabilities in widely used software is tagged "haha". Is it really so funny?

The zombies that will result from those attacks will send spam even to your tricked out Linux PC. You're laughing at your own expense. Have fun.
Re:because it's not that easy by zcat_NZ · 2007-02-04 12:22 · Score: 4, Funny

If only there were a single, well defined and completely open document format that could be used by anyone, with any office suite. That would be just great.

--
455fe10422ca29c4933f95052b792ab2
Re:It's past time for a better approach by flyingfsck · 2007-02-04 12:30 · Score: 3, Insightful

MS wrote loads of stuff with C++ and the C stings library especially, is total crap. Also, with C++, it is fundamentally impossible to know when it is safe to destroy an object and free its memory. MS is therefore suffering from a bad choice of compiler and coding methods years ago. Their problems won't go away anytime soon.

--
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Re:Gates and Microsoft deserve all the scorn by steeviant · 2007-02-04 13:10 · Score: 2, Funny

I say we just put up with the problems in Windows.
Windows just needs time to mature.
At the moment Microsoft are undergoing a big shake up.
Everyone has their foibles, and Windows is no different.
No software is perfect.
Microsoft are really trying to turn things around.
Re: eComStation and OpenOffice.org by Planesdragon · 2007-02-04 13:11 · Score: 4, Interesting

I also don't have to worry about the vendor shutting down my OS or apps remotely in the future.

Hi. I'm a PC user, with an HP laptop, and Office 2007. Not too long ago I had Vista Beta on this thing. And you know what? I don't have to worry about the vendor shutting me down ever. You know why? Because I live in a country that follows the rule of law, and can prove in a court that I purchased these things legally.

Part of me wishes they'd try -- it's amazing how good the upgrade from "punative damages" would be.
Re:Falling Sales? by sqlrob · 2007-02-04 13:12 · Score: 3, Informative

You can also avoid the attack by setting %TEMP% to no execute permissions. Interesting that they don't say that.
Re:Do we know this for sure? by DelawareBoy · 2007-02-04 13:34 · Score: 2, Informative

My Word 2007 allows me to save in the new Word format, Word 1997 - 2003 (which allows reading things TEN years older, not 3 as you have said), PDF, XPS (which I don't know why I'd use), .txt, RTF, HTML, and a few others..

Why spread this FUD?
Hate Microsoft because of legitimate reasons (like anti-trust), NOT for reasons made up, like a little girl.
Re:OO by zCyl · 2007-02-04 14:23 · Score: 3, Funny

Linux? never heard about it...
It's simple. Linux is to Windows what Data was to Hal.
Re: eComStation and OpenOffice.org by dr.badass · 2007-02-04 14:58 · Score: 3, Funny

For Christmas I bought a system from CSS.

Did you get an employee discount?

--
Don't become a regular here -- you will become retarded.
Re:Gates and Microsoft deserve all the scorn by steeviant · 2007-02-04 16:25 · Score: 2, Insightful

Bill Gates is a great man, he is giving all his money away to charity.
Without Microsoft computers would be much harder to use and more expensive.
Etc.

I wasn't so much trying to be funny as regurgitating some of the sugar-coated bullshit I've been spoon-fed by the media over the past couple of years leading up to the release of Vista.

My honest opinion from what I've seen of Bill Gates is that he seems very insincere most of the time, like he is trying to hide deep seated insecurities behind a veneer of smugness. I suspect he is really fixated on how people perceive him.

Continuing in the amateur psychology vein, I think that his deep seated insecurities shaped Microsoft and guided it's behavior.

Would a company that was proud of it's creations feel that they had to constantly intimidate hardware partners in order to ensure they keep using that software, or specifically adjust their software to make it incompatible with competing software?

Personally I think those are the actions of a company that believes that their customers, given a choice, would rather migrate away.
Comment removed by account_deleted · 2007-02-04 17:37 · Score: 3, Insightful

Comment removed based on user account deletion
Re: eComStation and OpenOffice.org by glindsey · 2007-02-04 18:02 · Score: 2, Insightful

I don't have to worry about the vendor shutting me down ever. You know why? Because I live in a country that follows the rule of law, and can prove in a court that I purchased these things legally.

So your solution is that we keep receipts of every single thing we purchase because the burden is upon us, the consumers, to prove that everything we have purchased is legal?

Gee, that sounds like a wonderful solution. "Why are you so worried about the government mandating cameras in your house? Surely, if you're not a criminal, you have nothing to hide!"
Re: eComStation and OpenOffice.org by bogd · 2007-02-04 18:04 · Score: 2, Insightful

From what I've heard, Vista will disable some of its features if it considers itself a pirated version. Considering the track record of its predecessor (the many cases where XP flagged down legal versions as being pirated), you may just come to the point where that happens. I wish you lots of luck going to court with that...
And I really mean it - if enough people do that (and manage to actually win the case), maybe MS will reconsider its policy of "stop the pirates, no matter how many legitimate users get caught in the middle".
The Irony by Tom · 2007-02-04 21:54 · Score: 4, Funny

Hi Bill. Didn't you just brag about windos security?
I dare anybody to do that once a month on the Windows machine. February: check

--
Assorted stuff I do sometimes: Lemuria.org
Re:Falling Sales? by TheThiefMaster · 2007-02-04 22:26 · Score: 2, Insightful

Unfortunately a lot of installers seem to extract themself to %temp% and then run one of the extracted files to continue, so this isn't a permanent solution. Unless you're not ever going to install anything that is.