×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Issues Zero-Day Attack Alert For Word

kdawson posted more than 7 years ago | from the incoming dept.

Security 483

0xbl00d writes "Eweek.com is reporting a new Microsoft Word zero-day attack underway. Microsoft issued a security advisory to acknowledge the unpatched flaw, which affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. Simply opening a word document will launch the exploit. There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

483 comments

Microsoft Recommends.. (5, Funny)

sylvainsf (1020527) | more than 7 years ago | (#17123564)

That the business world just stop for a few minutes(days, weeks) while they fix this.

Now might be a good time to try ... (5, Informative)

Anonymous Coward | more than 7 years ago | (#17123614)

Re:Now might be a good time to try ... (5, Insightful)

Anonymous Coward | more than 7 years ago | (#17123728)

Yes! Great idea! Just trust all of your internal documents to a random third party company with no privacy guarantees. But hey, at least they've made a vague "Do no evil" promise!!1!

Re:Now might be a good time to try ... (0)

Anonymous Coward | more than 7 years ago | (#17123870)

Random? Your definition of that word is fairly interesting.

Re:Microsoft Recommends.. (5, Funny)

Anonymous Coward | more than 7 years ago | (#17123684)

I wish Microsoft were a person. Then I could go up and kick that person in the nuts.

let me be the first to say (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17123754)

Bwahahahahahaha hahahahahahaha!!

mod me troll

Looks like a long work day tomorrow (4, Funny)

filesiteguy (695431) | more than 7 years ago | (#17123574)

If I can't even open my friends' documents then what am I - as a manager to do?

Oh, wait - I don't do anything anyway and my life revolves around Excel.

Nevermind.

Re:Looks like a long work day tomorrow (1)

bogaboga (793279) | more than 7 years ago | (#17123638)

Oh sure? So it looks like a long work day for you tomorrow? I have some work for you.

Please begin putting together a schema for OpenOffice.org using the recently GPLed Java framework. I am very certain that this will keep you busy enough.

By the way, am I alone in thinking that it would be a good idea to have OpenOffice.org re-written in the Java language? The Java license is now very appealing.

Re:Looks like a long work day tomorrow (5, Funny)

thrillseeker (518224) | more than 7 years ago | (#17123716)

By the way, am I alone in thinking that it would be a good idea to have OpenOffice.org re-written in the Java language?

very alone ...

Re:Looks like a long work day tomorrow (0, Troll)

daft_one (532587) | more than 7 years ago | (#17124094)

Yeah, I agree. It should be rewritten in Python!

Re:Looks like a long work day tomorrow (1)

newt0311 (973957) | more than 7 years ago | (#17124134)

I personally think that half of the openoffice devs should go to lyx and work on perfecting it while the other half go to tex4ht so that I can make odt files out of latex sources and who ever has a problem with this can go and develop a super format conversion kit to convert any document format to any other document format. Now... bring on the aplause.

Re:Looks like a long work day tomorrow (1, Interesting)

bluefoxlucid (723572) | more than 7 years ago | (#17124120)

I recommend a full rewrite in C. OOo is C++ and Java, and it shows. It's an ugly code base and it's slow and bloated. It gave us one great thing: Michael Meeks dropped load time 40-70% by rewriting the linker and adding new types of non-standard hash tables, as well as sorting of both standard (without violating standards) and non-standard hash tables and elf symbols.

But you know why he did it? Because the way C++ symbols work, they flood us with namespace and class symbols, tons of vague linkage, and all kinds of cruft; around 90% of the time OOo spends loading is due to having to process data that's only there from C++, which a similar feature-for-feature C re-implementation wouldn't have (like name spaces and classes and virtual tables and such). Usually you can rewrite and get around having such things; it makes code a little more complex sometimes though, and I do recommend some form of object oriented language when you really need CLASS INHERITANCE.

Re:Looks like a long work day tomorrow (1)

nine-times (778537) | more than 7 years ago | (#17123720)

I have two words for you: As long as you PowerPoint, you're all set.

Re:Looks like a long work day tomorrow (1, Informative)

Anonymous Coward | more than 7 years ago | (#17123978)

That's a lot more than two words. Perhaps you should have used the preview button?

Re:Looks like a long work day tomorrow (3, Funny)

aibrahim (59031) | more than 7 years ago | (#17124126)

> I have two words for you: As long as you PowerPoint, you're all set.

>> That's a lot more than two words. Perhaps you should have used the preview button?

Never attended a presentation ? Thats actually a Powerpoint users notion of two words.

business (1)

Feyr (449684) | more than 7 years ago | (#17123576)

not open .doc ? are they fucking insane? 90% of the business is just that messing with .doc

guess we know who to thanks when productivity drops to zero in the coming days!

Re:business (0)

Anonymous Coward | more than 7 years ago | (#17123774)

Boy am I glad I'm an Electrical Engineer. I haven't seen a .doc file since college. Everything I load up is in pdf.

Mature (0)

Anonymous Coward | more than 7 years ago | (#17124084)

Once you mature professionally, you'll be writing lots of papers and hardly use any of the tools you currently use today - or whatever the replacements are. Then you'll create the PDF files for other to read and reference.

I spend my working hours in outlook, word and excel plus a browser. Then I create PDF v1.6 files so none of the non-Adobe PDF readers can open them. Our lawyers are pansies.

5 years ago, I'd spend those hours in vim, Visual Studio, StarTeam, xxgdb and a few xterms typing 'make'.

Re:business (0)

Anonymous Coward | more than 7 years ago | (#17124146)

No there not insane, As usual it is the article submitter/poor slashdot editing at fault here. MS didn't recommend not opening or saving word documents. They recommended not opening "UNSOLICITED" word documents received in email. It is amazing how one word makes the difference between and informative article and complete FUD as this one it.

Not quite... (0)

Anonymous Coward | more than 7 years ago | (#17123580)

The summary is slightly misleading.

In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.

As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.


In other words, make sure you know what you're opening. But still - wtf. This is very serious.

On a lighter note, the unofficial workaround is to use vi. MS says Emacs too complicated and competes with Windows.

Lets see... (4, Funny)

jlarocco (851450) | more than 7 years ago | (#17123604)

So let me get this straight... For the time being the only safe Word files are new files that other people don't need to open?

But hey, you saved a ton of money on retraining costs.

Re:Lets see... (1, Insightful)

ceoyoyo (59147) | more than 7 years ago | (#17123658)

Microsoft doesn't recommend using .doc as a data exchange format anyway. They say to use .pdf for that. .doc files aren't reliably readable enough. ;)

Re:Lets see... (2, Interesting)

dwater (72834) | more than 7 years ago | (#17123986)

Any reference for that? I'd love to be able to quote such to ... well, anyone, really.

what about OO.org? (4, Insightful)

no reason to be here (218628) | more than 7 years ago | (#17123618)

Could the problem be avoided by opening the any .doc files with OO.org? i'm assuming that the exploit will only work if the file is actually opened with word, so it would stand to reason that opening it with some other application would be safe. can anyone tell me why i'm wrong?

Re:what about OO.org? (1)

sowth (748135) | more than 7 years ago | (#17124144)

I would assume since OO does not have the same code base, it will probably not be affected. However, it does not mean OO doesn't have exploits of its own. It all depends on how well coded and audited OO is.

Haiku looks like an interesting project. How well does it work so far?

Good Advice (4, Funny)

antonyb (913324) | more than 7 years ago | (#17123620)

Microsoft suggests that users 'not open or save Word files,' even from trusted sources."

Good general advice, really. They should put that on the Office packaging, like on a packet of cigarettes.

ant

A Smarter Choice (2, Insightful)

Anonymous Coward | more than 7 years ago | (#17123632)

Microsoft suggests that users 'not open or save Word files,' even from trusted sources.
Unless you're using OpenOffice [openoffice.org] .

Work-Around = OpenOffice (4, Informative)

Tsu Dho Nimh (663417) | more than 7 years ago | (#17123640)

In the meantime, download and use OpenOffice [openoffice.org]

Re:Work-Around = OpenOffice (1)

arifirefox (1031488) | more than 7 years ago | (#17123814)

i would want to make sure before you even try to open .doc files from openoffice. after all, this affects office for mac too

"Word"? (1)

Mihai Cartoaje (606735) | more than 7 years ago | (#17123644)

"Word" is a generic term in word processing. WordStar existed before Microsoft Word.

Re:"Word"? (0)

Anonymous Coward | more than 7 years ago | (#17123678)

It isn't generic anymore.
Bitch

Re:"Word"? (1)

jpardey (569633) | more than 7 years ago | (#17123786)

I could be wrong, but I don't think WordStar invented words either...

It's pretty common now to call Microsoft Word just Word.

Re:"Word"? (1)

joshetc (955226) | more than 7 years ago | (#17123968)

For some reason I dont think Microsoft cares about exploits in WordStar or any other non-Microsoft Word application.

Not open or save? (3, Funny)

Aardpig (622459) | more than 7 years ago | (#17123648)

So, Microsoft are basically telling us to stop using Word? Sounds like great advice to me -- cheers, Bill!

So many versions, same bug (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17123654)

This implores the question: what has the Microsoft Word team been doing between 2000 and 2006?

Re:So many versions, same bug (2, Funny)

jibjibjib (889679) | more than 7 years ago | (#17123694)

Making the Ribbon [wikipedia.org] , and then congratulating themselves on how cool it looks, and then making advertisements with people with dinosaur heads.

Open Office to the rescue (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#17123664)

I wonder if this would happen if you were to use Open Office to open the word document.

What happens when you open an infected file anyway?

It's like comedy, only funnier (1)

Dracos (107777) | more than 7 years ago | (#17123674)

First, an exploit in IE causes MS to tell us to type in links manually rather than click them.

Now MS advises everyone not to use their flagship bloatware? There simply aren't enough R's, O's, F's and L's in the fabric of space-time to express how funny this is.

Or they're just scraping the bottom of the barrel for ideas on how to get people to upgrade to Vista and Office 2007.

Re:It's like comedy, only funnier (0)

Anonymous Coward | more than 7 years ago | (#17123788)

You talk with a listhp, don't you?

Re:It's like comedy, only funnier (1)

ewl1217 (922107) | more than 7 years ago | (#17124062)

I think not...

#!/bin/bash
rofl=1
until [ "$rofl" = "0" ]
do
echo "ROFL"
done

Ha! (0)

Anonymous Coward | more than 7 years ago | (#17123676)

I _TOLD_ ya the only version of word worth owning is 97. NOW do you believe me???

Is it April 1st already? (1)

beavis88 (25983) | more than 7 years ago | (#17123682)

Seriously, please be a joke. This shit is going to be hell to try and explain to everyone at work, and then un-explain later, without totally fucking up all the investment in getting them to not infect their machines with all manner of crap. :(

Bah, typical bullshit non-edited craptastic blurb (3, Informative)

beavis88 (25983) | more than 7 years ago | (#17123738)

And typical me not reading TF security advisory before posting. The actual wording from Microsoft is:

Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.

Re:Bah, typical bullshit non-edited craptastic blu (5, Funny)

munrom (853142) | more than 7 years ago | (#17124116)

Ah, license to ignore any unexpected memos for the next couple of days, excellent

zero day (2, Interesting)

Anonymous Coward | more than 7 years ago | (#17123692)

What the heck does zero-day mean?

Re:zero day (3, Informative)

kcbanner (929309) | more than 7 years ago | (#17123750)

It means an exploit there is no patch for! Its the zeroth day that they know about it :P

Re:zero day (4, Informative)

DebateG (1001165) | more than 7 years ago | (#17123830)

Zero day [wikipedia.org] : At the time the details of the exploit are published (or the patch is released), there already is an active exploit being circulated. I guess if you don't know exactly when the exploit was released it's a technically "less than or equal to zero-day" exploit, but that doesn't sound as sexy.

Re:zero day (4, Informative)

LarsG (31008) | more than 7 years ago | (#17123836)

It means that there is a working exploit out there in the wild, which is using a vulnerability that was previously unknown to the security community / the software maker. That is, there was zero days warning.

Re:zero day (2, Informative)

nine-times (778537) | more than 7 years ago | (#17123864)

A simple search [wikipedia.org] would turn up the answer. It basically means there's no warning, and no time to prepare. The exploit's existence is made public the same day as the flaw's existence.

Misleading summary (4, Informative)

2cv (651583) | more than 7 years ago | (#17123696)

The Security Advisory doesn't say not to open any DOC files. It says:
Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources. This vulnerability could be exploited when a user opens a file.
I wish sometimes I could mod article summaries...

2cv

Problems with reportage? (2, Interesting)

symbolset (646467) | more than 7 years ago | (#17123842)

EWeek is pretty good about reportage and editing. If their article says (and it does):
There are no pre-patch workarounds available. Microsoft suggests that users "not open or save Word files," even from trusted sources.
Then I believe they got that answer when they asked. Perhaps their phone reps are more forthright than their website. Imagine that.

Not opening Word files seems like a good idea. Microsoft IP's in them, and that's icky.

Re:Problems with reportage? (1)

bunions (970377) | more than 7 years ago | (#17123916)

Gee, let me think. Believe EWeek, or believe that Microsoft said to stop opening word documents until further notice?

Hmmmm....

I'm gonna go with "misquote."

Article Summary is Flamebait (2, Informative)

Somegeek (624100) | more than 7 years ago | (#17123704)

Hey, I like to bash Microsoft as much as the next guy, but there is a pretty bad rewrite going on here.

Microsoft DOES NOT suggest that

users 'not open or save Word files,' even from trusted sources."
as stated in the summary.

What they do say is :

Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources.

That is nothing more than standard precautions that one should take anyway. If you aren't expecting an attachment, don't open it. If you are expecting it, and it is from a trusted source, go ahead.

Nothing to see here, move along...

Re:Article Summary is Flamebait (4, Insightful)

Kludge (13653) | more than 7 years ago | (#17123796)

That is nothing more than standard precautions that one should take anyway. If you aren't expecting an attachment, don't open it. If you are expecting it, and it is from a trusted source, go ahead.

Really? I get documents that I'm not expecting all the time. I never have any fears opening Latex documents from anybody. You Microsoft folks sure have funny security.

Re:Article Summary is Flamebait (5, Funny)

Perseid (660451) | more than 7 years ago | (#17123934)

Yeah, they taught me in school that latex was a good way to guard from viruses.

Just to be safe.. (4, Funny)

Absolut187 (816431) | more than 7 years ago | (#17123708)


Microsoft suggests that users 'not open or save Word files,' even from trusted sources."
[pause] You know what - Just to be safe, maybe you just shouldn't boot up any Windows PCs for a few days. And if you do: For god's sake, don't plug in a network cable.

Blurb slightly-FUD (3, Informative)

Repton (60818) | more than 7 years ago | (#17123722)

The actual quote from the Microsoft page is:

Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file.

If you send an email to Fred saying "Can you send me xxxx", and Fred replies, saying "Here it is", you can probably safely open the attachment. You should just exercise caution when Fred sends you an email out of the blue saying "Hey, read this would you?".

I LOVE YOU!!!!!! (0)

Anonymous Coward | more than 7 years ago | (#17123772)

The Link Vic! Don't Click The Link!!!!

But we wuz too late...the Reverend...saw the light!

Re:Blurb slightly-FUD (1)

Elixon (832904) | more than 7 years ago | (#17123810)

> If you send an email to Fred saying "Can you send me xxxx", and Fred replies, saying "Here it is",
> you can probably safely open the attachment. You should just exercise caution when Fred sends you
> an email out of the blue saying "Hey, read this would you?".

Should Fred open my message "Can you send me xxxx" if it was not preceded by Fred's message "Can you send me your 'Can you send me xxxx'"?

Or should I pick up the phone to inform the Fred that I'm sending the "Can you send me xxxx" message to make him sure he can safely open my message and reply with "Here it is"?

Evolution cannot be stopped (even if going in circles ;-)

Re:Blurb slightly-FUD (0)

Anonymous Coward | more than 7 years ago | (#17123874)

An email is not a word document now, is it? You're obviously not very intelligent. Hey, check out this Interesting.Doc [youre-stupid] file!!!

Re:Blurb slightly-FUD (2, Insightful)

Iriestx (1033648) | more than 7 years ago | (#17124044)

If you send an email to Fred saying "Can you send me xxxx", and Fred replies, saying "Here it is", you can probably safely open the attachment. You should just exercise caution when Fred sends you an email out of the blue saying "Hey, read this would you?".
That doesn't keep Fred from sending you a infected file. Fred gets an email of an unsolicited .doc. Fred runs the attachment. Fred infects his word files. You call Fred asking for for a specific file. Fred sends you said file, infected hours ago from his attachment. It's not unsolicited. It's from a trusted source. That doesn't mean it's not infected.

Here's a workaround (0, Redundant)

spiritraveller (641174) | more than 7 years ago | (#17123726)

Microsoft suggests that users 'not open or save Word files,' even from trusted sources.

Uhhhh, right.

How about just opening those files in openoffice, mmmmmkay?

The Evolution of Microsoft Office (1)

Elixon (832904) | more than 7 years ago | (#17123744)

> 'not open or save Word files,'
Do they call it "The Evolution of Microsoft Office"?

> To help you understand more about the merits of Microsoft Office 2003, we are preparing the new series of FREE training courses for you.
TRAINING COURSE - RULE#1: Don't open or save Word files!

> It's time for an evolution! Act now to take the Microsoft Office 2003 Training Courses and get rid of your current backward office!
TRAINING COURSE - RULE#2: Since you cannot open/save your documents... get rid of your current backward Office!

More Office tips and tricks: http://www.microsoft.com/hk/office/officetips/defa ult.mspx [microsoft.com]

Just in Time For... (1)

ookiiniku (1022165) | more than 7 years ago | (#17123762)

Thats right, College finals! Just what we need when all those papers are due. "Sorry Prof. I can't write that research paper for you, nor can you open it safely... Guess I should get an A."

Tell me about it... (1)

MsGeek (162936) | more than 7 years ago | (#17123976)

Really freaking super BAD timing, man. Thanks one hell of a lot, MicroShaft.

And there is a POLICY here where you absolutely, positively, HAVE TO have MS Office and USE IT here at Woodbury University. I was using OO.o on Linux for the longest time and sending things out as PDF to profs, but one of my profs wanted to COMMENT ON MY DOCUMENTS so no using OpenOffice and getting by.

Unfortunately I don't think ANY of my profs are going to accept the "zero-day Word exploit, sorry, no paper for you" excuse.

Re:Tell me about it... (1)

pyite (140350) | more than 7 years ago | (#17124104)

And there is a POLICY here where you absolutely, positively, HAVE TO have MS Office and USE IT here at Woodbury University.

This would seem like an alternate universe to me, coming from Rutgers [rutgers.edu] where, like many other universities, not using Word is the norm and people look at you funny when you don't use TeX or some variation thereof. I can't imagine having to use Word for any real work. It's a pain to just write a simple letter.

Re:Just in Time For... (0)

Anonymous Coward | more than 7 years ago | (#17124022)

Its called Notepad. There is also Google Docs and Spreadsheets.

Obvious Response (4, Insightful)

cheese-cube (910830) | more than 7 years ago | (#17123808)

And thus begins the torrent of Microsoft mocking posts. Get your mod-points out and set them to +5 Funny because the laughs are only just beginning. *sigh*

text is where it's at! (1)

PenguinBoyDave (806137) | more than 7 years ago | (#17123840)

I'm seeing this as a HUGE opportunity to start the text document revolution. You can get really creative with characters and create some really romantic notes with text. Chicks would surely go nuts for a guy who could create character-based graphics with text!

Zero-day? (1, Insightful)

mclearn (86140) | more than 7 years ago | (#17123868)

I thought the definition of "zero-day" was an exploit issued on the same day as a patch or fix. eg. a new patch is sent out, but contains ANOTHER security hole. Someone issues a new exploit based on said hole on the same day is said to have issued a zero-day exploit. This sounds like someone picking up on the word "zero-day" and making it sound more dramatic than it really is.

Re:Zero-day? (1)

dbarclay10 (70443) | more than 7 years ago | (#17123998)

This use of the phrase "zero-day" is not new; it's commonly used in circles where security plays an important role to refer to a publicly-known/available vulnerability/exploit for which 0 days of notice was given to the vendor.

While Microsoft and Oracle and friends would have you believe that the IT community at large is irresponsible and we just go ahead and use bullhorns to broadcast our latest vulnerability find, it's actually quite unusual to come across a real vulnerability (which this appears to be) for which the vendor was given no notice nor opportunity to fix the issue in a reasonable (read: weeks, not months) timeframe.

The term may have at one point been used to refer to example exploit code which was provided on the same day as the vendor's fix, but that certainly isn't the common usage today.

HTH

Re:Zero-day? (2, Informative)

Tharkban (877186) | more than 7 years ago | (#17124088)

I thought Zero-day refered to the first day that a vulnerability is publicly available. Start counting up from there. I've seen it used in every possible way though. Sometimes I gather people are refering to the day the patch was issued. Wikipedia doesn't really clear it up http://en.wikipedia.org/wiki/Zero_day [wikipedia.org]

OMG OFFICE SUCKS (1, Informative)

darkzeroman (939170) | more than 7 years ago | (#17123882)

Why dont you just RTFA? It clearly says "Recommendation: Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources." But instead of reading, people are just to busy to type "OMG OFFICE SUCKS(etc)" or "OPENOFFICE is the BEST" Sidenote: Currently using 2007 Standard Trial, and liking it.

Re:omg office sucks (0)

Anonymous Coward | more than 7 years ago | (#17124080)

I recommend prying of the caps lock key on your keyboard, your the only person I see using it.

Spam/Virus firewalls (2, Interesting)

Twillerror (536681) | more than 7 years ago | (#17123920)

I'm not to worried about this because most users are aware of attachment exploits like this.

I'm sure the major spam firewalls will also have signatures in a relatively short period of time. If my email spam/virus firewall will stop this I'm fine.

For the home user it is a bit more of an issue. At the same time most people use Yahoo, MSN, Google or some other account that has active scanner that I'm sure will be able to block these in the short run...if not by analyzing the file by analyzing the subject line. Heck, chances are it'll look like spam to my firewall won't let it thru to begin with.

I do wish MS would put out the technical details of this exploit. It sounds like some sort of a buffer overflow. Something tells me it is a graphic insert of some sort, but who knows.

Eh, What's up(loaded) .DOC? (1)

Thorrablot (590170) | more than 7 years ago | (#17123950)

(Wite apologies to Bugs Bunny)

By now you've seen dozens of postings about using OpenOffice as an alternative until Redmond patches this (One might even suspect this is a marketing ploy to encourage everyone to upgrade to Office 2007, but... naaahhh)

Folks - if there's malicious content - why take *any* chances? Upload the document to Google's Writely.com [writely.com] and be really insulated from malicious code!

Trusted Computing Means? (1)

BoRegardless (721219) | more than 7 years ago | (#17123964)

Sounds like it means Trusted to Be Risky.

Well, I'll just get out my "Trusty" CanOpener application (don't laugh as it works) and use it to open my .doc files on my Mac.

What is the chance that we will see the fix in a.. (1)

Joe The Dragon (967727) | more than 7 years ago | (#17123984)

What is the chance that we will see a fix in a week. As next week is the company's scheduled December Patch Tuesday, but there is no word yet from Microsoft on the timing of its fix for Word.

Early Adopters (1)

Slite01 (1020539) | more than 7 years ago | (#17124004)

Ho! But does it affect Word '97 which my company is currently stuck on? Wait a minute... Maybe my company gets the picture... I mean, if you fail to upgrade for long enough do people give up and quit exploring for exploits for it? Or does it just mean that the software is too antiquated have the same vulnerabilities as today's software? Let this be a lesson to you "Early Adopters". Oh nevermind, I want my Word 2k3 (or soon to be 2k7) with or without it's 0-day flaw.

How do they know if it is Zero Day? (0)

Anonymous Coward | more than 7 years ago | (#17124020)

Why not -1 day or -2 day or -99 day? They only way they could tell is if they are in cahoots with whoever released the exploit.

Community issues patch in record time! (0)

Anonymous Coward | more than 7 years ago | (#17124050)

Download here [openoffice.org] .

Main Page (1)

MBHkewl (807459) | more than 7 years ago | (#17124064)

How come MS's front page mentions nothing of the incident? Shouldn't their visitors/customers be alerted? ...

This aughta make FINALS more interesting... (5, Funny)

surfcow (169572) | more than 7 years ago | (#17124098)

Dear Professor,

My final project for the semester is attached as a Word document. If you have any problems reading it, please let me know. Me and everyone else in your address book.

Don't have to worry about grading it. By the time you read this, I will have used the root-kit to grade it myself.

Nice porn, by the way! You dog! We'll make this our little secret.

love,
toodles

I advise the same thing (2, Funny)

erroneus (253617) | more than 7 years ago | (#17124118)

Except that I have been saying that for years. MS Doc format is an untrustworthy format. It has been known to carry unexpected payloads in the past and there are alternatives which are known to be safer yielding similar if not identical results for most people. (And if someone thinks they actually NEED to have VBA in a word document, I'd have to suggest there's probably a better way to program your way out of the situation you find yourself in. I just haven't been able to think of a good reason to have programming code in a Word document and I haven't seen a good example either. Can anyone offer a reason good enough?

ODT works well... hell, for that matter RTF works well enough for most people.

Fair is fair... (2, Interesting)

zappepcs (820751) | more than 7 years ago | (#17124128)

At least there was a warning rather than 43 unannounced patches next Tuesday, I'll say that much for them. Its a shame that there is no patch yet though. Without saying how detrimental this will be for MS, I'm thinking that now I can't tell people that OOo is just like MS Office but free... now I have to tell them that its probably safer too. Ugggh, the people that want OOo and F/OSS software to be as good as MS Office and OS products really bug me, and this story is exactly why.

Ya, sure, MS is the biggest target, so gets more hacker attention. Just the same, being king of the hill is not easy, and F/OSS software makers should do their best to simply keep doing things well, rather than doing them 'just like MS does' as its not working out so good for Redmond today.

Do everything that 80+% of users want, do it very well, and let the Excel gurus and desktop publishing companies do the things for those other 12% or so. That's the biggest bang for buck right there. That 12% might be the biggest spenders, but they also don't care about the cost, or don't want to retrain or convert etc. ad nauseum.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...