MS Word Zero-Day Exploit Found
subbers writes "A zero-day flaw in the Microsoft Word program is being used in an active exploit by sophisticated hackers in China and Taiwan, according to warnings from anti-virus researchers. The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail and drops a backdoor with rootkit features when the document is opened and the previously unknown vulnerability is triggered. From the article: 'The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software.'"
Question (Score:2, Interesting)
Most of us shouldn't have to worry... (Score:3, Interesting)
Wonderful! So it only affects the latest-and-greatest versions of Office. Considering that MS hasn't added anything since Office 95 (I still run '97, myself), I expect only business users on SA should ever get hit by this exploit.
Then again, I suppose this means that Microsoft has added something, at least since Office 2000... Namely, more security flaws. Woot! Way to go Billy G! "Focus more on security" indeed.
Good thing... (Score:3, Interesting)
DEP? (Score:4, Interesting)
This is nonsense! (Score:1, Interesting)
Over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over again.
How many years have y'all been virus free, boys? 5? 50? 500? Because, after all, people never get viruses when they have all the available OS updates, all the AV definitions up to date, and a working firewall. Right?
Re:Not overly bad, combined with some others bad. (Score:2, Interesting)
Idiotic practice (Score:3, Interesting)
I have a PDA running WinCE, and I can only sync it with MS Active Sync if I am logged on as administrator. I really detest this. It would be so much better if each member of the family could sync their own PDA when logged in as themselves. However, Active Sync does not appear to support this. This machine has to be connected to the internet to update my WinCE apps. I suspect this makes Active Sync "goods not of merchandisable quality" in the terms of the UK "sale of Goods Act", and I am willing to participate in a class action against MS.
I only use the Windows computer for syncing my PDA. For everything else, I use FreeBSD.
Re:security? (Score:2, Interesting)
How about:
- make sure your users don't work as administrator but under an unprivileged user account
- set up the system so that this unprivileged user account cannot write in %windir% and %ProgramFiles%
- build the network in such a way that programs cannot directly "connect home" but can connect to the Internet only via well-defined proxy servers
- set up mail so that incoming office documents opened from mail do not open in Office but in the free Office viewers instead
...and after you do this, how long, exactly, would it be before you were lynched by your users and then sacked by your boss for stopping people from working?
Microsoft stuff ain't good, but seeing as how many, many applications still rely on being able to write to their %ProgramFiles% folder, I think this is going to make your life tricky. Unless you personally volunteer to keep going back and fixing their PCs every time they want a new app to run...?
Oh, but you're only going to let them run the apps that *you* say they can. They'll love you for that...
Got any remote workers? Going to force them to connect through your managed proxies too? Even when not hooked to the VPN? Again, you can lock them down, but you ain't going to make any friends...
I like the idea of opening incoming docs in a viewer, but who's to say that won't have the same flaw? Oh, and what if the reviewer wants to make a quick change and email it back - pain in the arse if they have to close the viewer, save the file, open in word, edit, save, email. Much easier if you can do it straight from the original viewer...
I do understand your frustration. I really do. But for those of us that live in the real world, you've just got to grit your teeth and work with what you've got. Oh, and make sure that Microsoft feel your pain, of course... :-)
Re:Not overly bad, combined with some others bad. (Score:5, Interesting)
You mean the one that has to be sitting on a server for me to get. That document was blocked a long time ago when someone else clicked on it and IT security stopped access to the IP at the firewall to prevent further spreading from the source.
And now, since I cannot email it to someone else, the virus has to share itself on my drive and spread that link around. Only it can't because the workstation doesn't allow shares. There is a corporate share I place docs on.
So now the virus has to find the corporate share, find a directory I have access to and embed itself there. Then email others in the company. Only most others in the company don't have access to the share I have access to. So most can't open the document.
Now you've slowed it down to only spreading to the team with rights to the share using a medium which can be managed - temporarily block the share - scan for the document and remove it - turn the share back on. Other team members risk sharing with the few people they interact with from other teams, but the virus has to find which people those are from the permissions on the share versus mailing list - a sparse matrix.
Re:security? (Score:5, Interesting)
I don't think so. The system at work has been running like described above for 5 years and there are no real problems. And we are not sitting shaking in our chairs waiting for the next trojan or virus.
many applications still rely on being able to write to their %ProgramFiles% folder
Mostly just hobbyist-in-a-garage stuff and telebanking applications. More serious developers have read Microsoft guidelines over the past years, especially when XP SP2 came out.
The very few exceptions can be managed using a global group and an ACL entry.
Oh, but you're only going to let them run the apps that *you* say they can.
This is the basis for any managed IT environment.
Got any remote workers?
Remote workers can only work via the VPN, because a firewall applied by group policy prevents them from connecting directly to the Internet.
Via the Internet they can connect home over VPN and then back out for websurfing via the proxy. This works well.
they have to close the viewer, save the file, open in word, edit, save, email.
Maybe you need to install the viewers and have a look. They actually have a menu entry to "open this document for editing" which automatically transfers control to Office.
I actually dislike the idea of opening an attachment from a basically read-only entity like an incoming mail into a read/write application by default. Users will start editing the document and forget that it cannot be saved back to the original location.
Opening in a viewer shows the user that it is a read-only document that they need to save elsewhere to edit it.
Re:security? (Score:3, Interesting)
Let me give you an example: I work as a consultant. My laptop is my life. Every week, there is a chance that I'll have to install some weird VPN software on it, program demos, home grown connection programs and change my registry, firewall and connection settings so that I can properly work in the client's network. If my laptop is set up to your specifications, I'm out of my job. For the simple reason that I don't have the time necessary to propagate these change requests through the proper command structure.
Here's what can be done instead:
- make it actually possible to do daily work with a low-privilege user.
- make it easy to give yourself the necessary privileges when you do need root, admin or something similar.
What's that you say? Get a mac? Hey, tell that to my clients.
How about plain text? (Score:2, Interesting)
Receiving Word attachments is bad for you because they can carry viruses (see http://en.wikipedia.org/wiki/Macro_virus). Sending Word attachments is bad for you, because a Word document normally includes hidden information about the author, enabling those in the know to pry into the author's activities (maybe yours). Text that you think you deleted may still be embarrassingly present. See http://news.bbc.co.uk/2/hi/technology/3154479.stm for more info. But above all, sending people Word documents puts pressure on them to use Microsoft software and helps to deny them any other choice. In effect, you become a buttress of the Microsoft monopoly. This pressure is a major obstacle to the broader adoption of free software. Would you please reconsider the use of Word format for communication with other people?
Email is supposed to be collaborative. It sucks when people force others to choose between working with them and their software freedom.
Re:security? (Score:2, Interesting)
That's not the worst part. (Score:2, Interesting)
Re:Yes. I think that pretty much exactly... (Score:3, Interesting)
If you can't assume rich text, why assume _english_?
Better yet, why not send a rich e-mail (especially from a variety of applications, or in a commercial sense) that contains multiple encodings, and select the correct language based upon the recipient's linguistic settings?
No reason that iPhoto 2010 "form e-mails" containing images shouldn't contain the image metadata and a, "Hi! So and so send you these " in whatever language the client chooses.
Restricting e-mail to plaintext is no different to restricting the web to gopher. We moved on. So should you.
Re:Patch available (Score:3, Interesting)
And moreover, how many Karma points does this comment get each time? FOR THE LOVE OF GOD MODS THIS IS UTTERLY REDUNDANT!
I agree that MS Office may not be good, in fact it is a P.O.Shit, and O.O.org is nice, (though a bit slow and big) and also free, but IT IS COMPLETELY AND PURE BULLSHIT to state that it is compatible with the other
, and yes, if people want to put OOorg at the level of MS Office (as a replacement) then OOo MUST do what MSOffice does now, (as good or bad as it does it), while that does not happen just shut the fuck up and continue using your office suite while everyone else is happy using their POS. Micro$uck 0ff1ce (or however you want to call it).
yeah, sorry I just got pissed, in fact I will start with this,
THIS IS THE FIRST COMMENT SAYING THE SAME OOorg-MSOffice compatibility.