Feeds

back to article Windows, Office zero-day vuln must wait for next Patch Tuesday, says MS

Microsoft is lining up eight bulletins for the November edition of patch Tuesday (12 November), including three critical fixes, but there's no relief in sight for a zero-day vulnerability in how Office handles .TIFF graphics files. Hackers are exploiting a zero-day vulnerability in a graphics library that is used by Microsoft …

COMMENTS

This topic is closed for new posts.
WTF?

o_O

My NAS inbuilt AV scanner (ClamAV) lit up this morning with a bunch of TIFFs.

I suspect false positives, as these are TIFFs which (in two cases) have been sat idle for a few years and last touched as part of an archive/backup.

Jotti and VirusTotal also only showed ClamAV reporting those files with the 'issue', so if you are running ClamAV, I'd consider a pinch of salt with your virus scan reports this morning....

3
0
FAIL

Eh ?

Why wait until next month for the TIFF fix ? I really don't understand why it's not pushed out as soon as it is tested and ready considering it is already being exploited.

0
0
Anonymous Coward

Re: Eh ?

Probably because of Windows shit update mechanism that requires a reboot just to update a system text file. Therefore limiting you to only one guaranteed outage per month.

2
2

People still use this buggy as hell piece of software? It's no surprise windows is fastly becoming a relic of the bug ridden past

7
4
Bronze badge
Coffee/keyboard

We have a choice

Let me make my own mistakes!

2
0
Bronze badge

This kind of thing would rustle my jimmies...

... if I used Microsoft products.

3
0
Bronze badge
Go

An alternative work-around

They said: "a workaround to defend against possible attacks that works by disabling TIFF rendering in the affected graphics library." A more effective workaround is to substitute LibreOffice for the MS Office problem, and further, to run LibreOffice on Debian Linux. MS patch delays wouldn't matter nearly so much.

If MS would only promise to keep issuing patches for XP until it was all fixed ... but Hell would most likely freeze over first?

1
0

Re: An alternative work-around

> A more effective workaround is to substitute LibreOffice for the MS Office problem

I haven't looked at LibreOffice in a while. What's the name of its mail component that works as well with Exchange as Outlook does?

0
0
This topic is closed for new posts.