Microsoft Word Zero-Day Used In Targeted Attacks

Unknown Lamer posted about 7 months ago | from the upgrade-your-word-processor dept.

Microsoft 88

wiredmikey (1824622) writes "Microsoft warned on Monday of a remote code execution vulnerability (CVE-2014-1761) in Microsoft Word 2010 that is being actively exploited in targeted attacks. If successfully exploited, an attacker could gain the same user rights as the current user, Microsoft said, noting that users whose accounts are configured to have fewer user rights on the system could be less impacted than accounts with administrative privileges. 'The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer,' Microsoft explained. Microsoft did not share any details on the attacks that leveraged the vulnerability, but did credit Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team for reporting it to Microsoft."

Wasn't RTF supposed to be minimalistic and simple? (4, Insightful)

skids (119237) | about 7 months ago | (#46571259)

Last time I looked RTF (decade or so ago) was a pretty bare-bones least-common-denominator document markup specification.

Re:Wasn't RTF supposed to be minimalistic and simp (3, Informative)

Anonymous Coward | about 7 months ago | (#46571275)

Wasn't RTF supposed to be minimalistic and simple?

RTF is. Word isn't.

Word is bloated, cumbersome and buggy.

Re:Wasn't RTF supposed to be minimalistic and simp (0)

Anonymous Coward | about 7 months ago | (#46572673)

Microsoft said, noting that users whose accounts are configured to have fewer user rights on the system could be less impacted than accounts with administrative privileges.

In other equally surprising news, users who plop their cock on a sturdy table and hit it repeatedly with a tack hammer *could* experience more pain than users who don't.

Thank God we have Microsoft (and Slashdot) to tell us these important and difficult to understand things!

Re:Wasn't RTF supposed to be minimalistic and simp (0)

Anonymous Coward | about 7 months ago | (#46571409)

Rich Text Format also includes the possibility of hyperlinks and other dynamic media, which means the possibility of handling data/code from foreign sources.
No excuse for system-level access of course, but the potential is there once you start dealing with that.

Re:Wasn't RTF supposed to be minimalistic and simp (3, Insightful)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#46571803)

Plus OLE support. Quite a powerful capability; but one of those powerful capabilities best handled carefully, kept away from direct sunlight, protected from shocks, and otherwise treated as though it is just waiting to ruin your day.

Re:Wasn't RTF supposed to be minimalistic and simp (1)

Bacon Bits (926911) | about 7 months ago | (#46575579)

Quite a powerful capability; but one of those powerful capabilities best handled carefully, kept away from direct sunlight, protected from shocks, and otherwise treated as though it is just waiting to ruin your day.

That sounds like an apt description of a computer in general. Or dynamite. Or banks. Or the government. Or beer.

Re:Wasn't RTF supposed to be minimalistic and simp (1)

Ravaldy (2621787) | about 7 months ago | (#46575909)

Customer wants, company gives. Doesn't matter what the risk is, short term it's money in the bank. Most companies work this way. Some care more and prevent sale of a product until it's fit. Others release the product knowing it's got major flaws and lean on the ability to push firmware updates.

Re:Wasn't RTF supposed to be minimalistic and simp (2)

symbolset (646467) | about 7 months ago | (#46571825)

You have been able to embed OLE objects since 1992.

Re:Wasn't RTF supposed to be minimalistic and simp (1)

cusco (717999) | about 7 months ago | (#46574699)

And who in the world thinks that Word is usable as an email viewer? It's such a dreadful experience that I'm surprised that MS still offers that option in Outlook.

Re:Wasn't RTF supposed to be minimalistic and simp (1)

SkimTony (245337) | about 7 months ago | (#46577085)

Offers? That's the default behaviour in Outlook through Office 2013.

Re:Wasn't RTF supposed to be minimalistic and simp (1)

symbolset (646467) | about 7 months ago | (#46581503)

Office: for when you have Real Work. You know, like managing money, or social security numbers. Medical records. Industrial controls.

The question......... (2, Funny)

Anonymous Coward | about 7 months ago | (#46571261)

RTF?!

Re: The question......... (5, Funny)

Anonymous Coward | about 7 months ago | (#46571367)

RTFA

WORD !! (-1)

Anonymous Coward | about 7 months ago | (#46571269)

Word !!

Re:WORD !! (0)

Anonymous Coward | about 7 months ago | (#46572337)

Ohh!
Yo pretty ladies around the world
Got a weird thing to show you
So tell all the boys and girls
Tell your brother, your sister
And your mama too
Cause we're about to throw down
And you'll know just what to do

Wave your hands in the air
Like you don't care
Glide by the people as they start to look and stare
Do your dance
Do your dance
Do your dance quick mama, come on baby tell me what's the word
Word up
Everybody say when you hear they call
You've got to get it underway
Word up, it's the code word
No matter where you say it
You'll know that you'll be heard

Now all you sucker DJs
Who think you're fly
There's got to be a reason
And we know the reason why

You try to put on those airs and act real cool
But you've got to realize
That you're acting like fools
Give us music we can use it
We need to dance
We don't have the time
For psychological romance
No romance, no romance
No romance for me, mama
Come on baby tell me what's the word
Word up
Everybody say when you hear the call
You've got to get it underway

Dial "L" for low...
Come on, all you people say...
W-O-R-D up - W-O-R-D up

Re:WORD !! (1)

jones_supa (887896) | about 7 months ago | (#46572795)

Word !!

Word, bro! You certainly deliver a powerful point there. It seems that you excel in life. If I only could make one note, it would be that I see a great outlook for your future.

Re:WORD !! (1)

wwphx (225607) | about 7 months ago | (#46587177)

But only if you have the power to point to it, I can give you access if you want.

this should never have happened (4, Informative)

chromaexcursion (2047080) | about 7 months ago | (#46571291)

A simple protocol, no need for system access.
Oh well, MS seems to have found a way to screw that up.

Maybe Bill should pay to fix it ...

Re:this should never have happened (2, Insightful)

Anonymous Coward | about 7 months ago | (#46571669)

Word processing was a solved problem in 1997, but Microsoft still has to continuously "upgrade" their software to be able to sell it again. They are out of good ideas, so they end up implementing bad ideas like adding system access to a simple protocol.

Re:this should never have happened (1)

K. S. Kyosuke (729550) | about 7 months ago | (#46572161)

Word processing was a solved problem in 1997

Huh, if only... Unless you mean smart-typewriter-level functionality.

They are out of good ideas

They had good ideas once?

Re:this should never have happened (2)

Viol8 (599362) | about 7 months ago | (#46572457)

"Huh, if only... Unless you mean smart-typewriter-level functionality."

You're joking, right? Were you born then or something? I managed to right a dissertation on MacWrite back in 93 without ever once thinking it needed more functionality.

Re:this should never have happened (4, Funny)

marsu_k (701360) | about 7 months ago | (#46572507)

I managed to right a dissertation on MacWrite back in 93 without ever once thinking it needed more functionality.

I'm guessing it didn't include a spell checker?

Re:this should never have happened (3, Funny)

inasity_rules (1110095) | about 7 months ago | (#46572531)

No, his dissertation had obviously been overturned, and using MacWrite, he was able to right it. :D

Re:this should never have happened (1)

Viol8 (599362) | about 7 months ago | (#46572545)

Oh very funny :o)

Re: this should never have happened (1)

fizzer06 (1500649) | about 7 months ago | (#46572841)

Spell check wouldn't catch that.

Re:this should never have happened (1)

CODiNE (27417) | about 7 months ago | (#46575215)

I managed to right a dissertation on MacWrite back in 93 without ever once thinking it needed more functionality.

I'm guessing it didn't include a spell checker?

Nor a grammar checker I'm guessing.

Re:this should never have happened (1)

jones_supa (887896) | about 7 months ago | (#46572811)

Word processing was a solved problem in 1997, but Microsoft still has to continuously "upgrade" their software to be able to sell it again. They are out of good ideas, so they end up implementing bad ideas like adding system access to a simple protocol.

Heh, that's a pretty bad trolling attempt.

Re:this should never have happened (1)

Gunboat_Diplomat (3390511) | about 7 months ago | (#46574565)

Word processing was a solved problem in 1997, but Microsoft still has to continuously "upgrade" their software to be able to sell it again. They are out of good ideas, so they end up implementing bad ideas like adding system access to a simple protocol.

For me, one of the absolutely most useful aspects of a word processor is to let multiple people (across teams, partners, consultants, customers, etc.) edit and comment the same document, propose changes -- with author-specific version history tracking, sidebar comments, approve/reject functionality, etc. This has improved greatly not only since 1997 but over the last few generations of Word IMHO. Problem with the "people only need and use 20% of the features of modern Office" reasoning, is that different people use different 20% and tend to make assumptions based on their own anecdotal experience.

Re:this should never have happened (1)

Ravaldy (2621787) | about 7 months ago | (#46575995)

Actually, it wasn't. Integration to sharepoint came after. May not be important to you but some businesses live off those features. You could also say the same about Excel but I can assure you that many of the enhancements made in the recent years were greatly appreciated by many businesses.

Also adaptation to new hardware capabilities came into play to allow richer content and better word processing performance. Take a document with 250 pages that includes images in Word 1997. Do the same in the new version of word. The performance and usability of the document is night and day.

Re:this should never have happened (1)

Hypotensive (2836435) | about 7 months ago | (#46575781)

It's not a protocol at all, it's a format. A protocol describes the details of an exchange between two or more parties.

Block all .RTF attachments (0)

Anonymous Coward | about 7 months ago | (#46571325)

I'm pretty sure nobody would notice or care.

Re:Block all .RTF attachments (3, Interesting)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#46571771)

I'm pretty sure nobody would notice or care.

The one trick (comparatively rare; but it happens at times) is that if you take an RTF document and give it a .doc suffix, Word will interact with it happily enough and I think even save it in the RTF format if you modify-and-save.

This means that if you block by suffix, a remotely clueful attacker will just fix their suffix and carry on; but if you block by format a small and fairly unpredictable subset of '.doc' files will be weeded out for reasons users will be unlikely to grasp.

This would hardly make it the most painful thing routinely inflicted on users in the name of security; but it isn't a plus.

Re:Block all .RTF attachments (0)

Anonymous Coward | about 7 months ago | (#46572547)

Oh, forgot to mention, I believe that the reverse, .doc format file with .rtf suffix, should also work without user-visible comment in many versions/configurations of Word. Not sure about mismatches between docx and rtf formats and suffixes; but it wouldn't entirely surprise me. Obviously files with a mismatch between their actual format and their alleged format cause the hair on the back of the security-conscious neck to rise, given the assorted flavors of creative malice they are put to; but equally obviously, MS wants Word to just work, even if the user is clueless, so there's a strong case for 'if handed a file, attempt to figure out what it is and Don't Bother The User unless the heuristics fail or multiple possibilities are equally valid without human intervention.'

Today RTF is the issue; but this can also be used to sneak macro-laden .doc files past somebody, disguised as non-macro-supporting .rtf files. Not sure if it works for docx. (Though, speaking of docx and malice, y'know what's very handy in hardass corporate firewall land? A .docx is a zip file; but a zip file with a funny extension that IT absolutely cannot block lest all work grind to a halt. Some systems may still rip the most trivial implants, of the 'unzip, add malice.exe' flavor; but a little more effort will get you a .docx file that has your added object; but is still valid OOXML, can still be opened normally in Office, can be 'password protected' as usual, and so on. Just a little bigger than it would otherwise be.)

Some of it may also go back to the fact that Office has long, long, been a cross-platform product, while Mac OS and Windows have long differed on the importance of file suffixes vs. other file type identifiers, which could easily have led to a fair supply of Mac-produced RTF and DOC files whose suffixes were either haphazardly supplied by apathetic Mac users who didn't need them, or frantically supplied by Windows users trying to get the mystery-file from Mac land to open ("They said it was a word document, so, um, .doc?").
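
The suffix-versus-format trade-off raised in the two comments above, as an added example that is not part of the original thread: a mail-gateway style check that classifies an attachment by its leading bytes and reports both what a suffix block and what a format block would do with it. The function names, the policy defaults and the sample attachments are constructed for this illustration.

```python
import io
import os
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound file: legacy .doc/.xls/.ppt
ZIP_MAGIC = b"PK\x03\x04"                        # ZIP local file header: a .docx is a ZIP
RTF_PREFIX = b"{\\rt"                            # lenient prefix chosen for this example

# Format each suffix claims to be; other suffixes are not judged here.
SUFFIX_CLAIMS = {".rtf": "rtf", ".doc": "ole2", ".docx": "ooxml"}


def sniff_format(data: bytes) -> str:
    """Classify an attachment by its leading bytes, ignoring the file name."""
    if data.lstrip().startswith(RTF_PREFIX):     # tolerate leading whitespace
        return "rtf"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "zip"                         # ZIP signature but not a readable archive
        # OOXML packages carry a [Content_Types].xml part at the archive root.
        return "ooxml" if "[Content_Types].xml" in names else "zip"
    return "unknown"


def evaluate(filename, data, blocked_suffixes=(".rtf",), blocked_formats=("rtf",)):
    """Return what a suffix block and a format block each decide, plus a reason
    that can be shown to the user whose '.doc' was stopped."""
    suffix = os.path.splitext(filename)[1].lower()
    actual = sniff_format(data)
    claimed = SUFFIX_CLAIMS.get(suffix)
    mismatch = claimed is not None and actual != claimed
    by_suffix = suffix in blocked_suffixes
    by_format = actual in blocked_formats
    if by_format and mismatch:
        reason = f"named {suffix} but content is {actual}, which is blocked"
    elif by_format:
        reason = f"content is {actual}, which is blocked"
    elif mismatch:
        reason = f"named {suffix} but content is {actual}; hold for review"
    else:
        reason = "no rule matched"
    return {
        "filename": filename,
        "actual": actual,
        "mismatch": mismatch,
        "blocked_by_suffix": by_suffix,
        "blocked_by_format": by_format,
        "reason": reason,
    }


def build_samples():
    """Constructed sample attachments (harmless stand-ins, not real documents)."""
    rtf = b"{\\rtf1\\ansi Constructed sample text.}"
    ole2 = OLE2_MAGIC + b"\x00" * 504            # magic padded to one 512-byte sector
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    ooxml = buf.getvalue()
    return [
        ("memo.rtf", rtf),        # honest RTF
        ("memo.doc", rtf),        # RTF content behind a .doc suffix
        ("report.rtf", ole2),     # legacy .doc content behind an .rtf suffix
        ("report.doc", ole2),     # honest legacy .doc
        ("report.docx", ooxml),   # honest OOXML package
    ]


if __name__ == "__main__":
    for name, blob in build_samples():
        v = evaluate(name, blob)
        print(f"{name:12} suffix-block={v['blocked_by_suffix']!s:5} "
              f"format-block={v['blocked_by_format']!s:5} {v['reason']}")
```

The `reason` field exists because of the usability point made above: a format block will stop some files named `.doc`, and the user needs to be told why.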

Re:Block all .RTF attachments (0)

Anonymous Coward | about 7 months ago | (#46572709)

This means that if you block by suffix, a remotely clueful attacker will just fix their suffix and carry on; but if you block by format a small and fairly unpredictable subset of '.doc' files will be weeded out for reasons users will be unlikely to grasp.

Or you could just use a god damned system that isn't riddled with malware the way everything M$ is. There is no longer any reason you could not roll out Linux or BSD workstations administered by someone clueful with nice pretty graphic UIs and installations of LibreOffice. Your users will thank you for systems that Just Work without silly malware paranoia. Your stockholders/partners/managers/owners will thank you for having some security and not letting dipshits use malware to steal customer information or God knows what other data. Microsoft will feel rejected and their fanbois will cry about problems LibreOffice solved years ago back before it was forked from OpenOffice, pretending they are still relevant. But they will get over it.

Or you could go Apple and pay a lot more money for a similar experience and at the same time show your approval for walled gardens, but I for one say fuck that shit. Software freedom is really damned important but most people won't figure that out until they lose it (hey just like real freedoms/civil liberties!)

Re:Block all .RTF attachments (1)

dissy (172727) | about 7 months ago | (#46573679)

I know you are just trolling, but in case anyone considers that you might sound like you know what you're talking about...

Or you could just use a god damned system that isn't riddled with malware the way everything M$ is.

No, actually "you" can't. Our ERP system that runs the company cost around 2.5 million all said and done, and it only runs on Windows.
For our industry, there are only three (3!) such ERP packages in existence, ALL of which require windows to run (Except Oracle's product, which can use windows and/or work poorly in non-IE browsers, but better than nothing if you can afford them)

Do YOU plan on cutting me a check to have this non-existent software created and paid for?
No? Hello? I hear crickets from you now.

Every solution you suggest would literally be no different than tossing out every computer and going back to pen and paper. You might as well suggest that a raw pork chop is a far superior weapon to a gun when the stated goal is to kill someone - obviously stupid and incorrect.

There is no longer any reason you could not roll out Linux or BSD workstations administered by someone clueful with nice pretty graphic UIs and installations of LibreOffice. Your users will thank you for systems that Just Work without silly malware paranoia.

Except for that little fact that there is no software to use. Yea, I kinda think our users will notice that tasks previously taking 60 seconds now take 4-8 hours to complete.

Your stockholders/partners/managers/owners will thank you for having some security and not letting dipshits use malware to steal customer information or God knows what other data.

Considering that advice would make the stock holders lose billions and no longer have a business, thanking me would not be on their list of methods to extract revenge and pain out of me.

As a troll I realize you only have the goals of causing pain and misery in others lives, but most of us actually don't enjoy seeing that.

Microsoft will feel rejected and their fanbois will cry about problems LibreOffice solved years ago back before it was forked from OpenOffice, pretending they are still relevant. But they will get over it.

I hate Microsoft garbage as much as the next person, most likely more since I actually use the crap and you clearly admit you don't and thus have no experience about the claims you also made.

The fact of the matter is that no matter how poorly microsoft software works, that poor solution is surrounded on all sides by non-solutions that don't even function. There is nothing better.

But if you truly believe your other solutions will work as drop-in replacements, will earn companies so much more money, and get you placed on a kingly pedestal showered in thanks - just put your money where your mouth is.
Once you pay all the change costs, and take on the risk your suggestions will incur, I will jump at the chance to rid ourselves of microsoft faster than you could sing trololol.

I'm just waiting on that check still...

Re:Block all .RTF attachments (1)

wwphx (225607) | about 7 months ago | (#46587277)

Thank you, Dissy. My last job (and probably my next) was in a Windows environment, our ERP-that-is-not-to-be-named abused SQL Server to the point that if you unplugged the server while it was doing a payroll process, you had to load a backup from before the start: the ERP-system-never-sufficiently-cursed did not use SQL Server's transaction log, all record updates were line-by-line using cursors through an application server so that their one pustulent code base would work poorly against SQL Server, Oracle, and something else like PostgreSQL.

They could have written such a better system if they'd let me train their programmers in relational database and modern techniques, instead they forced them out into retirement.

Too many people think the solution is to drop in *nix, not taking into account business cases. And we the damned are forced to make it all work.

Re:Block all .RTF attachments (0)

Anonymous Coward | about 7 months ago | (#46573873)

This depends on the industry. Oftentimes, Pages and LibreOffice are 99% compatible with Word. However, that 1% that breaks can cause major formatting errors, making a critical document unreadable.

Also, I'm pretty sure LibreOffice has bugs in it. They might not be as aggressively sought after as MS products, but I'm sure if LO or OOo got to the same popularity as Word, the bad guys will be hammering it hard as well.

Re:Block all .RTF attachments (1)

mlts (1038732) | about 7 months ago | (#46574117)

It isn't the absolute best fix, but MS's EMET (Enhanced Mitigation Experience Toolkit), does stop any attacks via this route. I'm sure EMET probably breaks some apps (easily fixed by adding exceptions, and probably why this tool isn't included in the base OS), but it is worth installing and using.

The best thing about standards is (2)

invictusvoyd (3546069) | about 7 months ago | (#46571439)

There are so many of them to choose from

Re:The best thing about standards is (0)

Anonymous Coward | about 7 months ago | (#46573671)

Geez I hate that statement.

Is LibreOffice vulnerable to the same exploit? (4, Insightful)

mmell (832646) | about 7 months ago | (#46571465)

No? Okay, later.

Re:Is LibreOffice vulnerable to the same exploit? (0)

Anonymous Coward | about 7 months ago | (#46571497)

Neither is vim.

Zero Day emacs flaw... (1)

hawkingradiation (1526209) | about 7 months ago | (#46571571)

Did you know that there is a zero-day emacs flaw which allows an attacker to run arbitrary Lisp code??? Scary, I know, much less vim. If Emacs is to overtake Windows, this type of careless programming has to stop.

Re:Zero Day emacs flaw... (1)

MightyMartian (840721) | about 7 months ago | (#46571615)

I'd love to see a Lisp virus.

Re:Zero Day emacs flaw... (3, Funny)

Anonymous Coward | about 7 months ago | (#46571693)

A lisp virus is the same as a regular virus, except that you pronounce it Lithp Viruth.

Re:Zero Day emacs flaw... (1)

David Gerard (12369) | about 7 months ago | (#46572305)

Re:Zero Day emacs flaw... (1)

cold fjord (826450) | about 7 months ago | (#46573605)

That was fascinating. Thanks for posting it.

Re:Is LibreOffice vulnerable to the same exploit? (0)

Anonymous Coward | about 7 months ago | (#46572259)

Give me vim and LaTeX any day of the week over any modern word processor. The last good version of Microsoft Word was the version that came on 1.44MB diskettes and you could run the word processor without fancy features from the first diskette without needing to install the software. I have been using computers since the early 1980s and with each passing year I find myself preferring the simplicity and power of the command-line. Thankfully, Linus Torvalds created GNU/Linux. If I need a GUI there is always the web browser.

Re:Is LibreOffice vulnerable to the same exploit? (5, Informative)

RoLi (141856) | about 7 months ago | (#46571805)

Probably the MS-fans will think that's a problem, because LibreOffice is not "compatible".

In fact the very fact that LibreOffice is an independent implementation of the file formats is a big advantage, because it is much more robust - When you reverse-engineer something you usually cover all possibilities (of a variable, etc.) - this is also the reason why you can often open corrupted .doc files with LibreOffice.

Re:Is LibreOffice vulnerable to the same exploit? (0)

Anonymous Coward | about 7 months ago | (#46572863)

Still won't use a FOSS office package. Got burned once already. Back in 2009 I was using Open Office to write some papers for a class I was taking. In the middle of a six page paper, the power went out. When it came back on, Open Office failed to recover the auto-save file and trashed 2 hours of work. Checked on-line, this bug was reported in Open Office prior to the release of the version I was using, but the cocksucking faggots put off fixing it until another version. Un-fucking believable. Anyways, after that I moved to Word 2007. Tested the auto-save recovery feature. Works as it should. Won't go back. Libre office is also a gay name, further proving that FOSS developers just don't have any style or class.

Re:Is LibreOffice vulnerable to the same exploit? (0)

Anonymous Coward | about 7 months ago | (#46573353)

You did two hours of work and trusted to any kind of auto back-up???

Re:Is LibreOffice vulnerable to the same exploit? (1)

mmell (832646) | about 7 months ago | (#46578789)

How long have you been working for Microsoft?

Re:Is LibreOffice vulnerable to the same exploit? (1)

hobarrera (2008506) | about 7 months ago | (#46636577)

So, FOSS software is bad because you lose your UNSAVED work during a power surge? OH NO!

Ctrl+S is your friend, and always will be.

Libre office is also a gay name, further proving that FOSS developers just don't have any style or class.

Well, if it's such a happy name, all the more reason to use it! ^_^
Devs don't need class. They just need to develop good software. Period.

Re:Is LibreOffice vulnerable to the same exploit? (1)

mmell (832646) | about 7 months ago | (#46578863)

Actually, back when it was OpenOffice they encountered this question. A known exploit which took advantage of the Word file format was replicated to allow the same exploit to work in OpenOffice. The justification (which was quite correct) was that the exploit took advantage of the file format specification, not a code bug. I.e. - the format itself was flawed, and a correct implementation of the format would not correct the design flaw.

OTOH, Microsoft doesn't own Rich Text format, and RTF is not inherently subject to this exploit. It is a code bug in MS-Office, not in the .rtf format; therefore it is not replicated in LibreOffice/Wordpad/[insert text reader/editor of choice here, except for MS-Office].

Still wouldn't use MS-Office; I can't afford $495.00 for a souped up typewriter.

Re:Is LibreOffice vulnerable to the same exploit? (1)

wwphx (225607) | about 7 months ago | (#46587323)

dBase III+ back in the '80s had a competitor called FoxBase. FB was crazy fast due to a very fast pre-compiler and a greatly improved indexing scheme. FB copied dBase's bugs because they had known workarounds in the programming community, and fixing the bug would break established code. Of course dBase was bought out by Borland, FB was bought out by Microsoft, and the world moved on to better implementations of the relational model.

Re:Is LibreOffice vulnerable to the same exploit? (1)

mmell (832646) | about 7 months ago | (#46590581)

Yeah, that's why I used Clipper. It turned dBase code into very excellent standalone applications, and faster than the dBase interpreter.

Re:Is LibreOffice vulnerable to the same exploit? (1)

wwphx (225607) | about 7 months ago | (#46590723)

My PHBs wouldn't spring for something like Clipper. Still, we did some pretty amazing things with FB.

Yesterday when I started (-1)

Anonymous Coward | about 7 months ago | (#46571499)

But today when I ended. Crazy world or what?

Seriously these are negligent greedy schits (1)

Anonymous Coward | about 7 months ago | (#46571513)

How many years, decades even, has microsoft had the time to understand and get these issues fixed?

They simply DONT CARE. They retain features like this for their own convenience instead of spending some of those profits on solving the problems these 'easy and vulnerable' solutions of theirs are for.

These problems have been identified again and again and whatever bandaids microsoft has done was not a systematic elimination.

Shoddy work with a monopoly is a bad situation and Bill Gates who set the pattern for this company can drink molten gold in hell for the pain he's caused so many people KNOWINGLY.

Re:Seriously these are negligent greedy schits (0)

Anonymous Coward | about 7 months ago | (#46571845)

These problems have been identified again and again and whatever bandaids microsoft has done was not a systematic elimination.

This isn't just a problem with proprietary software, like Microsoft Word. This problem can affect open source software when the developers prefer to create shiny new features instead of working to fix bugs.

Re:Seriously these are negligent greedy schits (0)

Anonymous Coward | about 7 months ago | (#46572303)

They simply DONT CARE.

To be fair, neither do I, so it's perfectly understandable.

But my wife loves MS Surface! (0)

Anonymous Coward | about 7 months ago | (#46571533)

Where's that M$ shill now?

Re:But my wife loves MS Surface! (0)

Anonymous Coward | about 7 months ago | (#46572897)

Odd that a site populated with so called intellectuals would prefer to sit in an echo chamber than to engage with people who genuinely have a different view.

Whew, dodged a bullet there! (2)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#46571761)

Privilege escalation is always worse than 'execute with same privileges as user'; but for primarily-end-user software the distinction seems a great deal less helpful (unlike, say, on the server, where attacks isolated to one service account or daemon are legitimately less dangerous). Joe User's security context has access to more or less his entire life in documents and ill-secured website passwords, and enough permission to plant something that will start when he next logs in in a zillion different places that he isn't likely to notice(details will vary by OS; but the only real exception would be the control-freakier mobile ones). So Joe User is screwed at either privilege level, and, from the perspective of fixing the system, conclusively proving that only user-level access was gained and the system is still secure (much less attempting to fix it if it isn't) is so much more time consuming than just nuking it and applying a fresh image that you'd only try in order to get samples of the attacker, not because it's worth the trouble on its own.

Re:Whew, dodged a bullet there! (1)

gradinaruvasile (2438470) | about 7 months ago | (#46571827)

Well, it's very true. Nowadays there are many user-level malicious programs, mostly various ransomware types which can inflict various levels of annoyances on the users.
Just imagine opening a document and "catching" cryptolocker...

Re:Whew, dodged a bullet there! (0)

Anonymous Coward | about 7 months ago | (#46572461)

Obligatory XKCD https://xkcd.com/1200/

Re:Whew, dodged a bullet there! (0)

Anonymous Coward | about 7 months ago | (#46573917)

If antivirus software didn't suck, keeping the privileged accounts safe would largely mitigate unprivileged code execution by undoing the damage when it detects something fishy. Unfortunately, antivirus software sucks.

O_o (0)

Anonymous Coward | about 7 months ago | (#46571891)

Microsoft privilege levels are a joke, I know of two ways to bypass it right now and even worse I've had them since W7 was in beta.. Honestly I'm surprised nobody else has not figured it out, it's so easy it borders on DaFuq. The simple things are usually the best. :P

@cryptolocker Maybe, CryptoLocker can be decrypted in under 10 mins using ollydbg, sadly it's not something your average user can do on their own, but hopefully that changes with the next generation. :(

Re:O_o (1)

gradinaruvasile (2438470) | about 7 months ago | (#46571935)

You mean you can decrypt the encrypted files without the decryption key?

Re:O_o (1)

Himmy32 (650060) | about 7 months ago | (#46573699)

Yep, let's believe the AC who can crack RSA 1024 bit triple DES in 10 minutes using a debugger... But in all seriousness here's a neat blog post breaking down what the malware actually does using a couple debuggers including ollydbg before it gets to the encryption part.

Yeah (0)

Anonymous Coward | about 7 months ago | (#46585369)

He works at FtMeade and has access to ALL computers. He does not need stinking keys, as he has a Ton Of Exploits to kidnap all keys on all computers.

Well, at least those who ever dare to connect to the outside world by things like ethernet or USB sticks.

Proofreading would help... (0)

Anonymous Coward | about 7 months ago | (#46572229)

"As an initial workaround until the bug is PATCHES, Microsoft is providing a Fix it automated tool which uses Office’s file block feature and ADDS FEW registry keys to prevent opening of RTF files in all Word versions. "

Idiot.

Why do people continue to use diseased products? (1)

TrentTheThief (118302) | about 7 months ago | (#46572449)

MS Word has been insecure since MicroShaft decided to add VBA and tie Word into the OS. Nothing but virus attacks and worms.

Why the hell do so many people continue using shit products so damned likely to infect their system?

Re:Why do people continue to use diseased products (0)

Anonymous Coward | about 7 months ago | (#46572465)

It has been insecure since day one.

Re:Why do people continue to use diseased products (1)

TrentTheThief (118302) | about 7 months ago | (#46574095)

I don't remember the DOS version being particularly insecure.

Re:Why do people continue to use diseased products (0)

Anonymous Coward | about 7 months ago | (#46572611)

Because we bloody have to.
I use LibreOffice for my own stuff, but if you want to send your CV to an employer, or want to send an offer or an invoice to a customer, or communicate with the government, or basically send formatted text to anyone in the real world, you'll quickly find that they only accept Word documents. And if LibreOffice's export function breaks the formatting in any way, your CV will go into the trash, the offer won't be considered, the invoice won't be paid, and the government won't process your file and later on sue for non-compliance.
The real world floats on Microsoft Office documents which are processed by average people, i.e. vindictive bastards who are only looking for an excuse to screw you over. Until the time comes when the files LibreOffice exports appear pixel perfect identical in Microsoft Office, using anything other than Word, Excel and Powerpoint is out of the question.

Re:Why do people continue to use diseased products (1)

TrentTheThief (118302) | about 7 months ago | (#46574109)

You send actual Word documents outside your control? That's asking for trouble. Send a PDF.

Re:Why do people continue to use diseased products (0)

Anonymous Coward | about 7 months ago | (#46572893)

> Why the hell do so many people continue using shit products so damned likely to infect their system?

Because we aren't all pole-smoking faggots like you. Never had a problem with MS Word, though I have VBA and Active X disabled on my system. Cry somewhere else.

Re:Why do people continue to use diseased products (1)

TrentTheThief (118302) | about 7 months ago | (#46574119)

LOL. Get ye back under your bridge.

Re:Why do people continue to use diseased products (1)

WaffleMonster (969671) | about 7 months ago | (#46574697)

> MS Word has been insecure since MicroShaft decided to add VBA and tie Word into the OS. Nothing but virus attacks and worms.
>
> Why the hell do so many people continue using shit products so damned likely to infect their system?

File -> Options -> Trust Center ... First thing any sane person should do after installing Word is turn off all macros and ActiveX/VBA without notification.

Most security professionals consider MS the bar (2)

walterbyrd (182728) | about 7 months ago | (#46572521)

> "Most security professionals consider Microsoft the bar every other vendor should strive to meet."

Computerworld said it, so it must be true.

http://www.computerworld.com/s/article/9246837/Perspective_Microsoft_risks_security_reputation_ruin_by_retiring_XP?pageNumber=2

Re:Most security professionals consider MS the bar (1)

dunkindave (1801608) | about 7 months ago | (#46574367)

They're right, if you are not above the Microsoft bar, you should get out of the business.

More interesting (1)

kilodelta (843627) | about 7 months ago | (#46572907)

Is that Google is the one exposing the flaws in Microsoft Office. I've recently ditched all things Microsoft. Went over to the dark side, Ubuntu. Why not? It has all the applications and functionality I had on my ancient XP laptop plus a whole lot more. Plus it comes bundled with Firefox and Thunderbird which I was using on my XP box to begin with. All I had to do was copy over my documents, music and profiles for both and I got everything back. And LibreOffice has come a very long way. Plus I have my NNTP reader, my astronomy program, it's all pretty sweet.

Re:More interesting (0)

Anonymous Coward | about 7 months ago | (#46585331)

You mean you turned on the light?

CVE where? (0)

Anonymous Coward | about 7 months ago | (#46574017)

The CVE link says that that particular CVE hasn't been assigned yet...

Microsoft word 2010? (0)

Anonymous Coward | about 7 months ago | (#46574107)

I use Microsoft Office online with BSD/OS.

Yes, but... (1)

OneAhead (1495535) | about 7 months ago | (#46580013)

...will it run in Wine?