Spies and crooks RAVAGE Microsoft's unpatched 0-day HOLE

Both cybercrooks and cyberspies have seized on a recently discovered and as-yet-unpatched Microsoft vulnerability to run attacks. Hackers have seized on the zero-day vulnerability, starring a buggy Microsoft graphics component, to run attacks featuring malicious Word documents. Microsoft issued a temporary workaround last week …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Are we sure...

That this 'bug' is not one of those nice little NSA backdoors?

Also, it will be interesting to see how the blame for this will be shifted to one E. Snowden. After all, the phrase 'think of the children' seems to be trotted out whenever another spying revelation comes to light.

anon. I don't want any NSA bods trying my 'back door'.

6
2
Silver badge

Re: Are we sure...

> I don't want any NSA bods trying my 'back door'

They're probably already sitting on your sofa, leafing through your photo albums.

Welcome to the Panopticon.

11
0
Anonymous Coward

Re: Are we sure...

If I had a sofa.... Bare floorboards here at the moment (just moved house)

Photo Albums? Aren't they so... like 19th Century?

I guess steampunk rules ok?

0
1
Silver badge

Re: Are we sure...

> Photo Albums? Aren't they so... like 19th Century?

Are you accusing me of skeuomorphism?

Whippersnapper.

0
0
Joke

Re: Are we sure...

> Welcome to the Panopticon.

But Gallifrey was destroyed!

1
0
Silver badge

Re: Are we sure...

> But Gallifrey was destroyed!

It was restored from a backup.

0
0
Anonymous Coward

Due Diligence

Companies, esp. FTSE100 and other countries' equivalents, need to do their due diligence and move away from Microsoft products as they are a massively disproportionate target for thieves and scoundrels.

It won't be long before our US litigationists decide that this is a good way to get some cash when one of their investments loses some value due to hacking/malfeasance targeted at some holey MS product.

"litigationists" because people in the US love isting English words.

7
2
Anonymous Coward

Re: Due Diligence

"and move away from Microsoft products as they are a massively disproportionate target for thieves and scoundrels."

The realistic alternatives like Linux and OS-X have far more vulnerabilities than current Windows versions though - as soon as they got popular you would have the same problem....

2
19

Re: Due Diligence

Yeah we should all move to Google docs - no way anyone else could interfere with our files then is there?

2
1
Silver badge

Shocking - up-to-date software avoids the problem

Shockingly, I have once again completely avoided a potential exploit by simply running up-to-date software. Whether you are on a Linux box or a Winblows box, running ancient versions of the OS or of the office suite is more likely to leave you open to vulnerabilities.

D'uh!

Face it - it's 2013. If you are running critical production devices on Win XP or Win Server 2003, you are likely to get what's coming to you, as surely as if you are running Ubuntu Warty Warthog from 2004 on your servers. It's going to be very difficult to keep it patched against all potential security threats.

1
4
Silver badge

Re: Shocking - up-to-date software avoids the problem

@Andy

>If you are running critical production devices on Win XP or Win Server 2003,

That would be about 60% (probably more) of current megacorps then.

5
0
Silver badge

Re: Shocking - up-to-date software avoids the problem

@Khaptain - "That would be about 60% (probably more) of current megacorps then."

--- and 70% of all government systems probably.

But it's still stupid as hell.

0
1
Bronze badge

Re: Shocking - up-to-date software avoids the problem

As I read it

Office 2003 or Office 2007 - you're stuffable.

Office 2010 - you're stuffable

Office 2013 - you're stuffable if you're running XP / Server 2003

'Not being stuffed by yet another buffer overrun bug' has probably doubled the reasons to upgrade Office from Office XP, never mind later.

3
0

Re: Shocking - up-to-date software avoids the problem

These versions of Microsoft Windows and Microsoft Office are supported versions. Therefore they are up-to-date and ought to be safe, as we were told when we bought them.

I expect to get more than a couple of years' use out of a computer before it is given over to international hackers to abuse as they please.

Bear in mind, too, that new products have new features that are uniquely exploitable. There are special ways to get you written into HTML 5, for instance.

0
0
Anonymous Coward

Re: Shocking - up-to-date software avoids the problem

Correction:

Office 2010 - you're stuffable - on an older OS only (Not on Windows 7 or 8)

0
0
Coat

"Spies and crooks BOTH ravaging"

I'm off to lunch, and won't be ravaging again until 14:30 at the earliest. Also, it's Friday and I want to make an early start for home, so I doubt there will be much ravaging after 16:00. Did I mention that I don't ravage from home?

5
0

37% ???

Surely someone on Websense has done their maths wrong

If I read their site correctly, the problem affects all versions of Windows and Office except for the 2% which have the combination of Office 2010 + (Server 2003 or XP), so that would be 5+30+41+14-2 = 88%

0
0

Re: 37% ???

>If I read their site correctly, the problem affects all versions of Windows and Office except for the 2% which have the combination of Office 2010 + (Server 2003 or XP)

From the link in the article, I read that only the Office 2010 on Server 2003 and XP is an issue, and that higher (read more recent) systems are fine. Also Office 2013 is not affected on any system. Sounds like planned obsolescence to me.

0
0
Anonymous Coward

Re: 37% ???

"Sounds like planned obsolescence to me."

Sounds like Microsoft have developed more secure OSs and Applications over time to me...

Microsoft supports their products for much longer than anyone else (For instance Windows XP is approaching 13 years old!)

0
1
Silver badge
Joke

Shocked, Shocked, I say...

There is a vulnerability in Windows, or its Office minions?

Shocked.

Of course, this is entirely a cruel joke, or is it??

2
0
Gold badge

MS had better hurry with that patch...

Now might be a good moment to observe that Office 2003 goes out of support at the same time as XP (but a year before Server 2003).

It might also be a good moment to ask "Who still uses TIFF files?".

2
0
Bronze badge
Meh

Re: MS had better hurry with that patch...

"It might also be a good moment to ask "Who still uses TIFF files?"."

Ummm ... people who scan documents for OCR rendering? People who use page-layout software for print publication?

0
0
Silver badge
Trollface

Bah!

"TIFF graphics format files"

As in: Tagged Image File Format graphics format files?

1
0
Gold badge
Unhappy

Indeed, who *does* use TIFF as a common file format?

I thought it was an old AOL format?

0
0
Silver badge

Re: Indeed, who *does* use TIFF as a common file format?

"Indeed, who *does* use TIFF as a common file format? "

It's used in photography as it's lossless; indeed I think some RAW formats are modified TIFF. Certainly photo processing software like the panorama program Hugin uses it internally for intermediates and can also export it.

0
0
Silver badge

Re: Indeed, who *does* use TIFF as a common file format?

TIFF is commonly used by scanning software, and by "imaging" (i.e., taking physical documents, scanning them, and storing and retrieving them) applications generally.

It was invented by Aldus and is now controlled by Adobe (in the sense that they hold the copyright on the specification). Derivative formats have been published by ISO and the IETF (e.g. RFC 2306).

One main advantage of TIFF, as Chemist noted, is that it can be used to store images in lossless encodings (uncompressed or LZW); it can also be a container for lossy-compressed JPEG images, so it's more flexible than JPEG[1] or, say, PNG alone. It also supports multiple images ("pages") per file, layers, various sorts of metadata, etc.

[1] JPEG does define a lossless mode, but apparently it's not widely supported.

1
0