Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Microsoft word 2003 users should read this

Reply
Thread Tools

Microsoft word 2003 users should read this

 
 
Shane
Guest
Posts: n/a
 
      05-19-2006
http://news.zdnet.com/2100-1009_22-6...ml?tag=nl.e589


Its the same old same old, dont open documents from untrusted sources

The vulnerability was confirmed in Word 2003, Symantec said. The malicious
file caused Word 2000 to crash, but did not run the malicious payload, it
added.

--
Rule 6: There is no rule 6

 
Reply With Quote
 
 
 
 
Nathan Mercer
Guest
Posts: n/a
 
      05-21-2006

Shane wrote:

> http://news.zdnet.com/2100-1009_22-6...ml?tag=nl.e589
>
>
> Its the same old same old, dont open documents from untrusted sources
>
> The vulnerability was confirmed in Word 2003, Symantec said. The malicious
> file caused Word 2000 to crash, but did not run the malicious payload, it
> added.


http://blogs.technet.com/msrc/archiv...20/429612.aspx

A quick check-in on the Word vulnerability
Hi everyone, Stephen Toulouse here again. I wanted to catch you up on
where we're at with our investigation of the Word vulnerability.

First off on the vulnerability itself: I want to reiterate we're hard
at work on an update. The attack vector here is Word documents
attached to an email or otherwise delivered to a user's computer.
The user would have to open it first for anything to happen. That
information isn't meant to say the issue isn't serious, it's just
meant to clearly denote the scope of the threat.

Now, we've received singular reports of attacks and have been working
directly with the couple of customers thus far affected. In analyzing
the malware we've added detection to the Windows Live Safety Center,
and we've passed all that information over to our antivirus partners.
But in breaking down the current malware we discovered some
commonality to the current attack. The attack we've seen is email
based. The emails tend to arrive in groups, they often have fake
domains that are similar to real domains of the targets, but the
targets are valid email addresses.

Currently two of the subject lines we have seen are:
Notice
RE Plan for final agreement

The attack we have seen so far requires admin rights, so limitations on
user accounts can help here. I want to repeat that customers who
believe they are affected can contact Product Support Services. You
can contact Product Support Services in North America for help with
security update issues or viruses at no charge using the PC Safety line
(1866-PCSAFETY) and international customers by using any method found
at this location:

http://support.microsoft.com/security.

So far, this is a *very* limited attack, and most of our antivirus
partners are rating this as "low". But we're working to
investigate any variants we might see to make sure detection is out
there, as well as working on the update to address the vulnerability.

S.

PS: Michael Howard recently wrote a great article for not running as
admin. It can be found here:
http://msdn.microsoft.com/security/s...re01182005.asp

 
Reply With Quote
 
 
 
 
Have A Nice Cup of Tea
Guest
Posts: n/a
 
      05-21-2006
On Sat, 20 May 2006 18:41:29 -0700, Nathan Mercer wrote:

> Hi everyone, Stephen Toulouse here again. I wanted to catch you up on
> where we're at with our investigation of the Word vulnerability.
>
> First off on the vulnerability itself: I want to reiterate we're hard
> at work on an update.


What?? He's not "really excited" about this?

Come on, Nathanbot - you can do better than that. How about another post
from Micro$oft where the... <grin> ah ... "developer" is "really excited"
to be working on yet another programming blund... err... effort to fix
security holes in their own department's work!


Have A Nice Cup of Tea

--
1/ Migration to Linux only costs money once. Higher Windows TCO is forever.
2/ "Shared source" is a poison pill. Open Source is freedom.
3/ Only the Windows boxes get the worms.

 
Reply With Quote
 
John in Surrey
Guest
Posts: n/a
 
      05-21-2006
On Sun, 21 May 2006 15:07:21 +1200, Have A Nice Cup of Tea <(E-Mail Removed)>
wrote:

buzz off and go update all your open source with the latest versions
to fix all the bugs....
..

Images of home (NZ)
http://www.titahi-bay.co.nz/home
What we are up to in the UK
http://www.titahi-bay.co.nz
 
Reply With Quote
 
Jennings
Guest
Posts: n/a
 
      05-21-2006
On Sun, 21 May 2006 08:10:58 +0100, John in Surrey wrote:

> On Sun, 21 May 2006 15:07:21 +1200, Have A Nice Cup of Tea <(E-Mail Removed)>
> wrote:
>
> buzz off and go update all your open source with the latest versions to
> fix all the bugs....
> .
>
>

Ahhh yes life with OSS .......


Lennier bleats about microsoft crud, yet the 2.6 kernel code quality
clearly shows that the OSS community can in no way be trusted to regulate
the quality of of its own kernel code.



OSS ship it out ... then thousands of patches and endless revisions
later ........

Lennier is still formating every 6 months <hahahahahahahah>



J.



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft Office Excell 2003 & Microsoft Office Word 2003 Angel Eyes Microsoft Certification 2 06-30-2008 09:28 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSE 4 11-15-2006 02:40 AM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola Microsoft Certification 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd realexxams@yahoo.com Microsoft Certification 0 05-10-2006 02:35 PM
microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework,microsoft.public.dotnet.framework.windowsforms,microsoft.public.dotnet.general,microsoft.public.dotnet.languages.vb Charles A. Lackman ASP .Net 1 12-08-2004 07:08 PM



Advertisments