back to article Spies and crooks RAVAGE Microsoft's unpatched 0-day HOLE

Both cybercrooks and cyberspies have seized on a recently discovered and as-yet-unpatched Microsoft vulnerability to run attacks. Hackers have seized on the zero-day vulnerability, starring a buggy Microsoft graphics component, to run attacks featuring malicious Word documents. Microsoft issued a temporary workaround last …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Are we sure...

    That this 'bug' is not one of those nice little NSA backdoors?

    Also, it will be interesting to see how the blame for this will be shifted to one E. Snowden. After all, the phrase 'think of the children' seem to be trotted out whenever another spying revelation comes to light.

    anon. I don't want any NSA bods trying my 'back door'.

    1. Ralph B

      Re: Are we sure...

      > I don't want any NSA bods trying my 'back door

      They're probably already sitting on your sofa, leafing through your photo albums.

      Welcome to the Panopticon.

      1. Anonymous Coward
        Anonymous Coward

        Re: Are we sure...

        If I had a sofa.... Bare floorboards here at the moment (just moved house)

        Photo Albums? Aren't they so... like 19th Century?

        I guess steampunk rules ok?

        1. Ralph B

          Re: Are we sure...

          > Photo Albums? Aren't they so... like 19th Century?

          Are you accusing me of skeuomorphism?

          Whippersnapper.

      2. Rukario
        Joke

        Re: Are we sure...

        > Welcome to the Panopticon.

        But Gallifrey was destroyed!

        1. Ralph B

          Re: Are we sure...

          > But Gallifrey was destroyed!

          It was restored from a backup.

  2. Anonymous Coward
    Anonymous Coward

    Due Diligence

    Companies, esp FTSE100 and other countries equivalents, need to do their due diligence and move away from Microsoft products as they are a massively disproportion target for thieves and scoundrels.

    It won't be long before our US litigationists decide that this is a good way to get some cash when one of their investments looses some value due to hacking/malfeasance targeted at some holey MS product.

    "litigationists" because people in the US love isting English words.

    1. Anonymous Coward
      Anonymous Coward

      Re: Due Diligence

      "and move away from Microsoft products as they are a massively disproportion target for thieves and scoundrels."

      The realistic alternatives like Linux and OS-X have far more vulnerabilities than current Windows versions though - as soon as they got popular you would have the same problem....

    2. Tim 11

      Re: Due Diligence

      Yeah we should all move to Google docs - no way anyone else could interfere with our files then is there?

      1. Anonymous Coward
        Anonymous Coward

        Shocking - up-to-date software avoids the problem

        Shockingly, I have once again completely avoided a potential exploit by simply running up-to-date software. Whether you are on a Linux box or a Winblows box, running ancient versions of the OS or of the office suite is more likely to leave you open to vulnerabilities.

        D'uh!

        Face it - it's 2013. If you are running critical production devices on Win XP or Win Server 2003, you are likely to get what's coming to you, as surely as if you are running Ubuntu Warty Warthog from 2004 on your servers. It's going to be very difficult to keep it patched against all potential security threats.

        1. Khaptain Silver badge

          Re: Shocking - up-to-date software avoids the problem

          @Andy

          >If you are running critical production devices on Win XP or Win Server 2003,

          That would be about 60% ( probably more) of current megacorps then.

          1. Anonymous Coward
            Anonymous Coward

            Re: Shocking - up-to-date software avoids the problem

            @Khaptain - "That would be about 60% ( probably more) of current megacorps then."

            --- and 70% of all government systems probably.

            But its still stupid as hell.

        2. Ian 55

          Re: Shocking - up-to-date software avoids the problem

          As I read it

          Office 2003 or Office 2007 - you're stuffable.

          Office 2010 - you're stuffable

          Office 2013 - you're stuffable if you're running XP / Server2003

          'Not being stuffed by yet another buffer overrun bug' has probably doubled the reasons to upgrade Office from Office XP, nevermind later.

          1. Anonymous Coward
            Anonymous Coward

            Re: Shocking - up-to-date software avoids the problem

            Correction:

            Office 2010 - you're stuffable - on an older OS only (Not on Windows 7 or 8)

        3. Robert Carnegie Silver badge

          Re: Shocking - up-to-date software avoids the problem

          These versions of Microsoft Windows and Microsoft Office are supported versions. Therefore they are up-to-date and ought to be safe, as we were told when we bought them.

          I expect to get more than a couple of years' use out of a computer before it is given over to international hackers to abuse as they please.

          Bear in mind, too, that new products have new features that are uniquely exploitable. There are special ways to get you written into HTML 5, for instance.

  3. Steve Crook
    Coat

    "Spies and crooks BOTH ravaging"

    I'm off to lunch, and won't be ravaging again until 14:30 at the earliest. Also, it's Friday and I want to make an early start for home, so I doubt there will be much ravaging after 16:00. Did I mention that I don't ravage from home?

  4. Tim 11

    37% ???

    surely someone on websense has done their maths wrong

    If I read their site correctly, the problem affects all versions of Windows and Office except for the 2% which have the combination of office 2010 + (server 2003 or xp), so that would be 5+30+41+14-2 = 88%

    1. oolor

      Re: 37% ???

      >If I read their site correctly, the problem affects all versions of Windows and Office except for the 2% which have the combination of office 2010 + (server 2003 or xp)

      From the link in the article, I read that only the Office 2010 on Server 2003 and XP is an issue, and that higher (read more recent) systems are fine. Also Office 2013 is not affected on any system. Sounds like planned obsolescence to me.

      1. Anonymous Coward
        Anonymous Coward

        Re: 37% ???

        "Sounds like planned obsolescence to me."

        Sounds like Microsoft have developed more secure OSs and Applications over time to me...

        Microsoft supports their products for much longer than anyone else (For instance Windows XP is approaching 13 years old!)

  5. Herby Silver badge
    Joke

    Shocked, Shocked, I say...

    There is a vulnerability in Windows, or its Office minions?

    Shocked.

    Of course, this is entirely a cruel joke, or is it??

  6. Ken Hagan Gold badge

    MS had better hurry with that patch...

    Now might be a good moment to observe that Office 2003 goes out of support at the same time as XP (but a year before Server 2003).

    It might also be a good moment to ask "Who still uses TIFF files?".

    1. Gray
      Meh

      Re: MS had better hurry with that patch...

      "It might also be a good moment to ask "Who still uses TIFF files?"."

      Ummm ... people who scan documents for OCR rendering? People who use page-layout software for print publication?

  7. Stevie Silver badge
    Trollface

    Bah!

    ""TIFF graphics format files "

    As in: Tagged Image File Format graphics format files?

  8. John Smith 19 Gold badge
    Unhappy

    Indeed, who *does* use TIFF as a common file format?

    I thought it was an old AOL format?

    1. Chemist

      Re: Indeed, who *does* use TIFF as a common file format?

      "Indeed, who *does* use TIFF as a common file format? "

      It's used in photography as it's lossless , indeed I think some RAW formats are modified TIFF. Certainly photo processing software like the panorama program Hugin uses it internally for intermediates and can also export it.

    2. Michael Wojcik Silver badge

      Re: Indeed, who *does* use TIFF as a common file format?

      TIFF is commonly used by scanning software, and by "imaging" (i.e., taking physical documents, scanning them, and storing and retrieving them) applications generally.

      It was invented by Aldus and is now controlled by Adobe (in the sense that they hold the copyright on the specification). Derivative formats have been published by ISO and the IETF (eg RFC 2306).

      One main advantage of TIFF, as Chemist noted, is that it can be used to store images in lossless encodings (uncompressed or LZW); it can also be a container for lossy-compressed JPEG images, so it's more flexible than JPEG1 or, say, PNG alone. It also supports multiple images ("pages") per file, layers, various sorts of metadata, etc.

      1JPEG does define a lossless mode, but apparently it's not widely supported.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019