Pearl Harbor Comes Early for Microsoft Word Users

Author	All Replies
ksw_92 join:2001-05-13 La Verne, CA ·Verizon FIOS ·RoadRunner Cable ·Verizon Online DSL 1 edit	Pearl Harbor Comes Early for Microsoft Word Users Microsoft has announced a zero-day attack on Word. CERT, eWeek and Slashdot are spreading the word and supposedly there's no workaround except to ~~NOT USE WORD~~ only open documents from trusted sources. Editorial: Like, wow, man...if this is true and exploits are being used then it is a major incident. Yes, perhaps advisory triggers a little hysteria, but how many Word files fly around the net everyday and how many people don't think twice about opening an email attachment that has a familiar from-address?
	to forum · permalink · · 2006-12-05 22:31:41 ·
NetFixer Freedom is NOT Free Premium join:2004-06-24 Murfreesboro, TN ·AT&T Southeast ·Vonage ·Cingular Wireless ·AT&T CallVantage 1 edit	said by Microsoft Security Advisory (929433) : In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker. It's déjà vu all over again. Been there, done that, and yes I used to actually have a Microsoft tee shirt. -- Outsourcing is *not* the same as Offshoring! Test your firewall. \| Smell the flowers.
	to forum · permalink · · 2006-12-05 22:36:02 ·
Link Logger Premium,MVM join:2001-03-29 Calgary, AB	reply to ksw_92 Has anyone received one of these nasties? Blake
	to forum · permalink · · 2006-12-06 04:17:39 ·
mysec Premium join:2005-11-29	reply to ksw_92 quote: From the MS Advisory: What causes the vulnerability? When a user opens a specially crafted Word file using a malformed string, it may corrupt system memory in such a way that an attacker could execute arbitrary code. Remember, that should this file somehow get past your common sense and be executed, like most malware, the arbitrary code attempts to install something. From an earlier MSWord exploit: »blogs.securiteam.com/?p=586 Q: Are there any visual effects informing about the infection? A: No. Q: Are there any changes to file system made by related malware? A: Yes. The file WINWORD.EXE is being dropped to the Windows %Systemroot% folder. When the related worm activates it will drop the following files: Windows\System32\clipbook.exe [30,720 bytes] Windows\System32\clipbook.dll [33,713 bytes] -------------------------- Surely everyone here is protected against such remote code execution. Check with your friends to see that they are also -rich ______________________________________________ "Talking About Security Can Lead To Anxiety, Panic, And Dread... Or Cool Assessments, Common Sense And Practical Planning..." --Bruce Schneier
	to forum · permalink · · 2006-12-06 11:37:48 ·
La Luna Surviving Ashraful Premium join:2001-07-12 Warwick, NY clubs:	reply to ksw_92 More info here: »Microsoft Security Advisory (929433)
	to forum · permalink · · 2006-12-06 12:18:14 ·
Doctor Four My other vehicle is a TARDIS Premium join:2000-09-05 Dallas, TX	reply to ksw_92 What about Open Office? It can handle Word documents. Is it also affected, or is it just MS Word?
	to forum · permalink · · 2006-12-06 13:10:40 ·
gugarci Premium join:2004-02-25 Bergen Co ·Comcast	I open about 50 Words documents per day. I'm a recruiter. My IT dept has not contacted us. Until they do I will keep working as usual. But at home, I will not open any Word documents for now. Thanks.
	to forum · permalink · · 2006-12-06 13:29:52 ·
Bobby_Peru Premium join:2003-06-16	reply to ksw_92 Thanks for the heads-up! I noted that MS "Word Viewer 2003" is also listed as being vulnerable. Here is an other instance of a once-thought "secure" routine (at least by this user) allegedly becoming vulnerable. -- How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach
	to forum · permalink · · 2006-12-06 17:27:36 ·
joako Premium join:2000-09-07 /dev/null ·AT&T U-Verse	reply to Doctor Four said by Doctor Four : What about Open Office? It can handle Word documents. Is it also affected, or is it just MS Word? I hope not, I started to use OpenOffice instead of MS office recently, even on Windows. -- Am Heimcomputer sitz' ich hier, und programmier' die Zukunft mir
	to forum · permalink · · 2006-12-06 18:01:08 ·
altermatt Premium join:2004-01-22 White Plains, NY ·Verizon Online DSL	reply to ksw_92 said by ksw_92 : only open documents from trusted sources. Yeah, well, remember, trusted sources do NOT include your clueless newbie friends (:) and ducking.) I HATE when they say that in advisories, since the majority of people out there are pretty clueless when it comes to security, and unknowingly pass nasties along. -- The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick
	to forum · permalink · · 2006-12-06 19:43:14 ·
orph4824 I Ate What?? join:2001-04-26 Greeneville, TN	reply to joako I'll bet if OpenOffice is affected we'll see an update from them well before M$ releases an hotfix...
	to forum · permalink · · 2006-12-06 19:49:06 ·
claudeo join:2000-02-23 Redmond, WA	reply to gugarci said by gugarci : I open about 50 Words documents per day. I'm a recruiter. My IT dept has not contacted us. Until they do I will keep working as usual. But at home, I will not open any Word documents for now. Thanks. You're a sitting duck. And so is your company.
	to forum · permalink · · 2006-12-06 20:34:16 ·
gugarci Premium join:2004-02-25 Bergen Co ·Comcast	said by claudeo : said by gugarci : I open about 50 Words documents per day. I'm a recruiter. My IT dept has not contacted us. Until they do I will keep working as usual. But at home, I will not open any Word documents for now. Thanks. You're a sitting duck. And so is your company. It's OK. If there's trouble I'll just sit back and watch the show.
	to forum · permalink · · 2006-12-06 22:08:56 ·


Saturday, 28-Nov 05:15:29	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF