Microsoft word 2003 users should read this

Discussion in 'NZ Computing' started by Shane, May 19, 2006.

  1. Shane

    Shane Guest

    http://news.zdnet.com/2100-1009_22-6074403.html?tag=nl.e589


    Its the same old same old, dont open documents from untrusted sources

    The vulnerability was confirmed in Word 2003, Symantec said. The malicious
    file caused Word 2000 to crash, but did not run the malicious payload, it
    added.

    --
    Rule 6: There is no rule 6
    Shane, May 19, 2006
    #1
    1. Advertising

  2. Shane wrote:

    > http://news.zdnet.com/2100-1009_22-6074403.html?tag=nl.e589
    >
    >
    > Its the same old same old, dont open documents from untrusted sources
    >
    > The vulnerability was confirmed in Word 2003, Symantec said. The malicious
    > file caused Word 2000 to crash, but did not run the malicious payload, it
    > added.


    http://blogs.technet.com/msrc/archive/2006/05/20/429612.aspx

    A quick check-in on the Word vulnerability
    Hi everyone, Stephen Toulouse here again. I wanted to catch you up on
    where we're at with our investigation of the Word vulnerability.

    First off on the vulnerability itself: I want to reiterate we're hard
    at work on an update. The attack vector here is Word documents
    attached to an email or otherwise delivered to a user's computer.
    The user would have to open it first for anything to happen. That
    information isn't meant to say the issue isn't serious, it's just
    meant to clearly denote the scope of the threat.

    Now, we've received singular reports of attacks and have been working
    directly with the couple of customers thus far affected. In analyzing
    the malware we've added detection to the Windows Live Safety Center,
    and we've passed all that information over to our antivirus partners.
    But in breaking down the current malware we discovered some
    commonality to the current attack. The attack we've seen is email
    based. The emails tend to arrive in groups, they often have fake
    domains that are similar to real domains of the targets, but the
    targets are valid email addresses.

    Currently two of the subject lines we have seen are:
    Notice
    RE Plan for final agreement

    The attack we have seen so far requires admin rights, so limitations on
    user accounts can help here. I want to repeat that customers who
    believe they are affected can contact Product Support Services. You
    can contact Product Support Services in North America for help with
    security update issues or viruses at no charge using the PC Safety line
    (1866-PCSAFETY) and international customers by using any method found
    at this location:

    http://support.microsoft.com/security.

    So far, this is a *very* limited attack, and most of our antivirus
    partners are rating this as "low". But we're working to
    investigate any variants we might see to make sure detection is out
    there, as well as working on the update to address the vulnerability.

    S.

    PS: Michael Howard recently wrote a great article for not running as
    admin. It can be found here:
    http://msdn.microsoft.com/security/.../library/en-us/dncode/html/secure01182005.asp
    Nathan Mercer, May 21, 2006
    #2
    1. Advertising

  3. On Sat, 20 May 2006 18:41:29 -0700, Nathan Mercer wrote:

    > Hi everyone, Stephen Toulouse here again. I wanted to catch you up on
    > where we're at with our investigation of the Word vulnerability.
    >
    > First off on the vulnerability itself: I want to reiterate we're hard
    > at work on an update.


    What?? He's not "really excited" about this?

    Come on, Nathanbot - you can do better than that. How about another post
    from Micro$oft where the... <grin> ah ... "developer" is "really excited"
    to be working on yet another programming blund... err... effort to fix
    security holes in their own department's work!


    Have A Nice Cup of Tea

    --
    1/ Migration to Linux only costs money once. Higher Windows TCO is forever.
    2/ "Shared source" is a poison pill. Open Source is freedom.
    3/ Only the Windows boxes get the worms.
    Have A Nice Cup of Tea, May 21, 2006
    #3
  4. John in Surrey, May 21, 2006
    #4
  5. Shane

    Jennings Guest

    On Sun, 21 May 2006 08:10:58 +0100, John in Surrey wrote:

    > On Sun, 21 May 2006 15:07:21 +1200, Have A Nice Cup of Tea <>
    > wrote:
    >
    > buzz off and go update all your open source with the latest versions to
    > fix all the bugs....
    > .
    >
    >

    Ahhh yes life with OSS .......


    Lennier bleats about microsoft crud, yet the 2.6 kernel code quality
    clearly shows that the OSS community can in no way be trusted to regulate
    the quality of of its own kernel code.



    OSS ship it out ... then thousands of patches and endless revisions
    later ........

    Lennier is still formating every 6 months <hahahahahahahah>



    J.
    Jennings, May 21, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Karthik Ragavan
    Replies:
    0
    Views:
    580
    Karthik Ragavan
    Aug 17, 2005
  2. Lynne Watkins
    Replies:
    1
    Views:
    614
    rifleman
    Sep 4, 2003
  3. L Mehl
    Replies:
    2
    Views:
    573
    L Mehl
    Apr 10, 2006
  4. =?Utf-8?B?c3Jr?=

    Word XP & Word 2003 broken in X64

    =?Utf-8?B?c3Jr?=, Aug 9, 2006, in forum: Windows 64bit
    Replies:
    4
    Views:
    457
    =?Utf-8?B?c3Jr?=
    Aug 13, 2006
  5. Angel Eyes

    Microsoft Office Excell 2003 & Microsoft Office Word 2003

    Angel Eyes, May 19, 2008, in forum: Microsoft Certification
    Replies:
    2
    Views:
    897
    lynwood
    Jun 30, 2008
Loading...

Share This Page