laurierobey: (NW--Pfui!!)
[personal profile] laurierobey
http://www.eweek.com/article2/0,1895,1966730,00.asp?kc=ewnws052406dtx1k0000599

Excerpts from the article on how to counter the vulnerability, for now:

Use Microsoft Word in safe mode to protect against targeted zero-day attacks.

That's the advice from Microsoft's security response team to counter known attacks against a serious code execution vulnerability in the widely used word processing program.

Microsoft is also offering the following guidelines for Office documents in safe mode:

Do not open Word files that are embedded in other applications, such as Excel, PowerPoint and others.

Even after applying the workarounds, do not open Word files directly from any mail clients—for example, Outlook or Hotmail—by double-clicking them. Save your Word document to a disk or onto your desktop and use the "Word Safe Mode" Shortcut.

Do not open ".doc" files from a Web site via Internet Explorer or any other browser.

If you do not see "Safe Mode" in Word title bar, you are not running Word in safe mode. Do not attempt to open any Word files as you may be vulnerable to the malicious ".doc" files.

Use Word Viewer 2003 to open and view files. The free Word Viewer 2003 does not contain the vulnerable code and is not susceptible to this attack.

In the attacks seen against select targets, two e-mail subject lines have been used. One is simply the word "Notice" and the other reads: "RE Plan for final agreement."

Two e-mail ".doc" attachments have been reported: "NO.060517.doc.doc," and "PLANNINGREPORT5-16-2006.doc."


~~~~~~~~~~~~~~~~~~~~~~~~~

Must be a pretty big, bad vulnerability if they're telling users to go through all this.

Date: 2006-05-24 06:58 pm (UTC)
From: [identity profile] fferret.livejournal.com
Ya notice what I've not seen in any of the trades? Or any other coverage of the exploit? How the frack do you start Word in safe mode? Do you know?

Date: 2006-05-24 07:34 pm (UTC)
From: [identity profile] laurie-robey.livejournal.com
MS lists the directions here:

http://www.microsoft.com/technet/security/advisory/919637.mspx

under the "workarounds" section.

Basically don't use Word as your Outlook mail editor and add "/safe" onto your winword.exe command line.

I've never heard of Word's "safemode" before now.

Date: 2006-05-24 07:42 pm (UTC)
From: [identity profile] fferret.livejournal.com
(*snorts*) Frankly, if Microsoft went to all the trouble of indoctrinating their users in how to use the GUI, how do they expect them to actually change a command string? I can do it, but I'm older than dirt, and have been in IT for close to 30 years now. I can still recall DOS commands!
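
For the question raised in the comments, a PowerShell sketch of the "Word Safe Mode" shortcut and the title-bar check from the quoted guidance; this is an added example, not part of the original post, the comments, or Microsoft's advisory. It assumes Word is registered under the standard App Paths registry key; the 30-second wait is an arbitrary choice.

```powershell
# Added example (not from the post or the advisory).
# Assumption: Word registers its install path under the standard App Paths key.
$appPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe'
$winword = (Get-ItemProperty -Path $appPath -ErrorAction Stop).'(default)'
if ($winword) { $winword = $winword.Trim('"') }
if (-not $winword -or -not (Test-Path $winword)) {
    throw "winword.exe not found via $appPath"
}

# A running Word instance (for example Word acting as the Outlook mail editor)
# can take over the new launch, so /safe would not be what the user ends up in.
if (Get-Process -Name winword -ErrorAction SilentlyContinue) {
    throw 'Word is already running. Close it (and Outlook, if Word is its editor) first.'
}

# Desktop shortcut that always passes /safe, so nobody has to edit a command line.
$desktop  = [Environment]::GetFolderPath('Desktop')
$shell    = New-Object -ComObject WScript.Shell
$shortcut = $shell.CreateShortcut((Join-Path $desktop 'Word Safe Mode.lnk'))
$shortcut.TargetPath = $winword
$shortcut.Arguments  = '/safe'
$shortcut.Save()

# Launch once with /safe and wait for the title bar to show "Safe Mode".
$proc     = Start-Process -FilePath $winword -ArgumentList '/safe' -PassThru
$deadline = (Get-Date).AddSeconds(30)   # arbitrary timeout
do {
    Start-Sleep -Milliseconds 500
    $proc.Refresh()
} until ($proc.HasExited -or
         $proc.MainWindowTitle -match 'Safe Mode' -or
         (Get-Date) -gt $deadline)

if (-not $proc.HasExited -and $proc.MainWindowTitle -match 'Safe Mode') {
    Write-Output "Safe mode confirmed: '$($proc.MainWindowTitle)'."
    Write-Output 'Open documents saved to disk from this window (File > Open).'
} else {
    if (-not $proc.HasExited) { $proc.CloseMainWindow() | Out-Null }
    throw "Title bar does not show 'Safe Mode'; do not open .doc files in this session."
}
```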
