Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

LOL@Microsoft

  • 06-12-2006 12:59pm
    #1
    Closed Accounts Posts: 7,230 ✭✭✭


    Microsoft Issues zero-day attack warning for Microsoft Word.

    Article here: http://www.eweek.com/article2/0,1895,2068786,00.asp

    There's no fix yet, no anti-virus company has a fix yet either, and the recommendation from MS is to "not open or save any word files, even from trusted sources". I find that hilarious. Now is a good time for everyone to change over to OpenOffice. yay!


Comments

  • Closed Accounts Posts: 16,396 ✭✭✭✭kaimera


    /me strokes Office2007.

    Not on the affected list I see.


  • Registered Users, Registered Users 2 Posts: 11,205 ✭✭✭✭hmmm


    The actual MS phrasing is "users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources". I've always wondered what that meant - wear a helmet, shield your eyes?


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    There were a bunch of MS security patches yesterday. Did any of them fix this prob? I thought I saw Word in one of them.


  • Closed Accounts Posts: 6,131 ✭✭✭subway


    There were a bunch of MS security patches yesterday. Did any of them fix this prob? I thought I saw Word in one of them.
    nope


  • Closed Accounts Posts: 114 ✭✭Zoned


    and sure for good measure here's a new one out on Mon 11 Dec....

    http://secunia.com/advisories/23205/

    Here's a simple registry script that sets a Software Restriction Policy that runs any instance of ‘winword.exe’ with the ‘Basic User’ policy.
    http://blogs.securiteam.com/index.php/archives/421

    These holes are being marketed by their discoverers on many hacker websites for 1000s of Euro for exclusive rights to the info and exploit code....:mad:


  • Advertisement
  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,563 Mod ✭✭✭✭Capt'n Midnight


    /me pats openoffice

    http://secunia.com/software_inspector/ - nice little thing that tells you if you need to upgrade your apps if a more secure version is available

    If microsoft office documents wasn't such a common format then IMHO most corporates would block them as the are too risky. Macros were bad enough but the flood of powerpoint vulnerabilites a while back and historically things like WMF mean that I can't see microsoft office documents being trustworthy anytime soon. Add to this the lateness of patches in the past and at present and it's not good.


  • Moderators, Education Moderators Posts: 2,432 Mod ✭✭✭✭Peteee


    If microsoft office documents wasn't such a common format then IMHO most corporates would block them as the are too risky. Macros were bad enough but the flood of powerpoint vulnerabilites a while back and historically things like WMF mean that I can't see microsoft office documents being trustworthy anytime soon. Add to this the lateness of patches in the past and at present and it's not good.

    And yet everyones crying foul now that in 2007 they are switching to XML based document formats.

    Doomed if they do and doomed if they dont.

    Course, they should ahve thought of that when they created the .doc format, but still


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,563 Mod ✭✭✭✭Capt'n Midnight


    Peteee wrote:
    And yet everyones crying foul now that in 2007 they are switching to XML based document formats.

    Doomed if they do and doomed if they dont.

    Course, they should ahve thought of that when they created the .doc format, but still
    Using XML is not the problem
    Switching to proprietary XML, with unclear licensing is the problem.

    Also .RTF documents can have word macros even though they aren't supposed to be saved in that format , nor should word be expected to run macros if they are saved in that format. But microsoft apps try to be helpful (ease of use) even when you try to tell them "you are not at home now, it's dangerous here , sit over there in the corner till I call you" and will in far too many cases attempt to open document they shouldn't - just look at the image vulnerability this time last year.

    DOC format is mainly compatible with other word processors because of reverse engineering. Access, Publisher and Project don't even have a free viewer.


  • Moderators, Education Moderators Posts: 2,432 Mod ✭✭✭✭Peteee


    Using XML is not the problem
    Switching to proprietary XML, with unclear licensing is the problem.

    Using XML is a solution to not having binary formats (like .doc) with the exploits shown above. (Even if the exploit is in the word program, I'm sure it reading a binary format has something to do with it)

    OpenXML has been approved by ECMA as a standard, and has been submitted to the ISO.

    http://en.wikipedia.org/wiki/OpenXML

    I realise the .doc format is readable only through reverse engineering. In other news, Ford dont let Volkswagen have access to schemas for engine designs

    <car analogy alert> :p


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,563 Mod ✭✭✭✭Capt'n Midnight


    http://www.microsoft.com/office/xml/covenant.mspx
    Microsoft irrevocably covenants that it will not seek to enforce any of its patent claims necessary to conform to the technical specifications for the Microsoft Office 2003 XML Reference Schemas posted at http://www.microsoft.com/office/xml/default.mspx (the "Specifications") against those conforming parts of software products.


  • Advertisement
Advertisement