Microsoft Confirms Excel Zero-Day Attack 199
Guglio writes "Eweek has a story about a new, undocumented Excel flaw that is being used in a targeted attack against an unnamed business. The latest zero-day attack comes just two days after Patch Tuesday (coincidence?) and less than a month after a very similar, 'super, super targeted attack' against business interests overseas. The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers."
Re:news? (Score:2, Informative)
Actually, it's not that hard. Log in as a limited user, do whaever you need to do, and if you encounter a program that absolutely needs to run as an admin, just right-click > Run as..., enter admin account name and password, and the program will run under the admin account. I personally haven't made the permanent switch to Linux yet, but I think it's comparable to sudo.
Patches Available (Score:4, Informative)
Re:Why read the article? (Score:5, Informative)
Re:Presumably they could but... (Score:3, Informative)
Be carefull!!! In the US, you can be charge with being an accessory to a crime.
Re:It's part of Microsoft's plan - MOD PARENT UP! (Score:3, Informative)
But 'backwards compatibility' made Windows the (in)famous clusterfsck it is.
Imagine how stable and secure Windows would be if Microsoft rewrote and streamlined it (goodbye
There is more to life than 'just making a buck', but when this is done at the corporate level, it transforms everybody it touches to seen-it-all, done-it-all cynics who keep their funds close to them, part with them only when necessary (food/clothing/shelter/heat/lights/vehicle fuel and maintennance/public transport fares/occasional recreational spending) and do anything they can to escape its clutches (i.e. use adblock when online, and A/V devices capable of 'adskipping').
(I 'posted' the text below in an earlier comment here but I can't find the link to it right away. Note, I'm not a shill for this guy, just an admirer of simple, elegant, secure C program code that I can learn from and use in future projects.... It would be nice if the following, complete text was on a standard webpage instead of being imbedded in a compiled HTML file (.chm) =/ )
Re:HOW!?!!?! (Score:3, Informative)
Buffer overflows [wikipedia.org]
Re:HOW!?!!?! (Score:3, Informative)
Now, if the macros were available to an external scripting language like bash or one of the P's, then there would be no reason for the macro language to be able to list or open files, only write to them. Then you'd only have, as the above poster mentioned, buffer overflows and the like.
If we wanted, we could alter our standard libraries so that, for instance, strcpy does bounds checking. Is there a reason not to?
Re:HOW!?!!?! (Score:2, Informative)
Re:HOW!?!!?! (Score:4, Informative)
Basically, what happens is that the Office reading routine creates room on the stack for some variable, to hold X bytes. Right behind those X bytes, there is the return address for the subroutine (so the reader subroutine can actually come back to the original program).
Now, this return address is being overwritten by an address that points into the spreadsheet instead (it's not THAT simple, but that's the general idea behind it). And in that area of the spreadsheet, you don't find spreadsheet data but instead you have executable code. Which is then, of course, executed (because Office thinks it's "his" code).
Quite simple. And easily avoided (the way to do it can be seen below in another subthread, by a rather good example).