Microsoft confirms Windows-Word attacks
Posted by Steven Parker on 24 March 2008 - 10:03 · 11 comments & 6114 views
About the Author
Full name: Steven Parker
Forum name: Neobond
Contact: via forum PM
Submissions: Normal · Headline
Full name: Steven Parker
Forum name: Neobond
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(1 reply)
#1 Posted by Alex Bishop on 24 Mar 2008 - 10:55
- I use open office
-
(2 replies)
#2 Posted by mrmckeb on 24 Mar 2008 - 11:22
- Time to get Vista people
It's obviously safer haha. This post isn't intended to cause a fight... -
#2.1 Posted by kimatg on 24 Mar 2008 - 13:00
- +1.
At least that's one sure thing MS improved (among many other features), for those who keep on insisting Vista is no better than XP. -
#2.2 Posted by
markjensen on 24 Mar 2008 - 13:21
- (mrmckeb said @ #2)Time to get Vista people It's obviously safer haha. This post isn't intended to cause a fight...The ArticleMicrosoft said that users running Word on machines powered by Windows Vista and Windows Server 2003 SP2 are not at risk because those operating systems include a different version of Jet.
Looks like the solution isn't necessarily "Vista", but an updated version of the Microsoft Jet database engine.
If I can predict the future for a second here, let me guess that Microsoft will patch this with a Jet update, since that seems to be the source of the flaw, not the OS.
-
#3 Posted by strekship on 24 Mar 2008 - 14:22
- Well from the sound of things you actually have to open the bad word documents first so it doesn't seem like a big deal.
-
(1 reply)
#4 Posted by jamesVault on 24 Mar 2008 - 14:50
- Windows Vista is NOT vulnerable. Yet another reason to prefer Vista over XP
-
#6 Posted by soldier1st on 24 Mar 2008 - 18:20
- time to move on ppl to vista and stop the lame bashing of vista.
-
#7 Posted by Magallanes on 25 Mar 2008 - 13:34
- You can jump to vista, spending a lot of money (and time) upgrading your system.
Or you can stop opening hideous files.
In an advisory posted Friday, Microsoft acknowledged "public reports of very limited, targeted attacks" that exploit a bug in the Microsoft Jet Database Engine, a Windows component that provides data access to applications including Microsoft Access and Visual Basic.
According to Symantec Corp., however, the attacks Microsoft described used malicious Word 2000, 2002, 2003 and 2007 documents, which in turn call up the vulnerable Jet .dll.
"We believe that the issue being described [by Microsoft] is one described on March 20, 2008 by Elia Florio of Symantec Security Response," the security firm told customers of its DeepSight threat analysis network on Saturday. "He notes a recent discovery, by Panda Security, of a possible zero-day exploit observed in the wild."