Welcome Guest.   Make a donation to an author on the site October 21, 2014, 07:09:12 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Your Support Funds this Site: View the Supporter Yearbook.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Microsoft Word under attack. Don't open RTF files!  (Read 3611 times)
Deozaan
Charter Member
***
Posts: 6,416



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« on: March 25, 2014, 03:23:27 PM »

Hide yo wives! Hide yo kids! And hide yo husbands, cuz they RTFing errybody out here!

Microsoft Corp. on Monday issued an emergency security warning saying that hackers have found a way to booby-trap certain common Word files with the .rtf extension.

Microsoft says it's aware of attacks going on now, but there's no fix yet to stop the hackers. It's working on a way to stop the bug.

The only way to be sure your computer won't get infected is not to open a document with the .rtf file extension until Microsoft says it's fine to do so.

Read more here:

http://www.businessinside...ing-microsoft-word-2014-3

The Business Insider article seems to imply the attacks are for all editions of Microsoft Word, but the actual security advisory says the exploit only works in versions before Word 2010:

At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010.

[...]

We were glad to see in our tests that this exploit fails (resulting in a crash) on machines running Word 2013, due to the ASLR enforcement introduced for this product.

So be sure to read the actual security advisory posted by Microsoft here to get the actual info:

http://technet.microsoft....security/advisory/2953095
« Last Edit: March 25, 2014, 03:30:28 PM by Deozaan » Logged

Stoic Joker
Honorary Member
**
Posts: 5,322



View Profile WWW Give some DonationCredits to this forum member
« Reply #1 on: March 25, 2014, 05:15:59 PM »

I'll save you some time reading:

Quote from: Microsoft
Affected Software

Microsoft Word 2003 Service Pack 3
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 1 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 1 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 (32-bit editions)
Microsoft Word 2013 (64-bit editions)
Microsoft Word 2013 RT
Microsoft Word Viewer
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office for Mac 2011
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 1
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Word Automation Services on Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013

Jesus! Mac too! ...Way to share the love MS (idiots..).

Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).
Logged
40hz
Supporting Member
**
Posts: 10,723



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: March 25, 2014, 05:25:50 PM »

Ya know...if they could just let wordprocessors process text, and email readers just read email, and not web-enable or otherwise implement all these ancillary capabilities into them...things might become less risky. Seriously, why does everything have to behave like a portal these days?
 undecided
Logged

Don't you see? It's turtles all the way down!
Stoic Joker
Honorary Member
**
Posts: 5,322



View Profile WWW Give some DonationCredits to this forum member
« Reply #3 on: March 25, 2014, 06:56:46 PM »

Ya know...if they could just let wordprocessors process text, and email readers just read email, and not web-enable or otherwise implement all these ancillary capabilities into them...things might become less risky. Seriously, why does everything have to behave like a portal these days?
 undecided

Damn Straight and Amen to that. Thmbsup
Logged
Deozaan
Charter Member
***
Posts: 6,416



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: March 25, 2014, 06:58:58 PM »

Seriously, why does everything have to behave like a portal these days?

For science! And cake!
Logged

40hz
Supporting Member
**
Posts: 10,723



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #5 on: March 25, 2014, 07:32:54 PM »

Seriously, why does everything have to behave like a portal these days?

For science! And cake!

Microsoft Office!
It works like it does because our plan
For our precious bottom line
Requires we move you online...

So it's no use crying that it's all a mistake
We'll just keep on trying, and we'll tell you "Eat cake!"
While the meters run
'neath the brave new sun
Of a world where cloud service firms thrive...

« Last Edit: March 25, 2014, 07:38:52 PM by 40hz » Logged

Don't you see? It's turtles all the way down!
Deozaan
Charter Member
***
Posts: 6,416



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: March 25, 2014, 07:49:49 PM »

Bravo! greenclp lol
Logged

x16wda
Supporting Member
**
Posts: 473


what am I doing in this handbasket?

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #7 on: March 25, 2014, 07:51:51 PM »

^ Heehee!
Logged

vi vi vi - editor of the beast
wraith808
Supporting Member
**
Posts: 6,415



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: March 25, 2014, 08:50:55 PM »

Logged

superboyac
Charter Member
***
Posts: 5,702


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #9 on: March 25, 2014, 09:19:03 PM »

Seriously, why does everything have to behave like a portal these days?

For science! And cake!

Microsoft Office!
It works like it does because our plan
For our precious bottom line
Requires we move you online...

So it's no use crying that it's all a mistake
We'll just keep on trying, and we'll tell you "Eat cake!"
While the meters run
'neath the brave new sun
Of a world where cloud service firms thrive...
hey!  it rhymes!
 Grin
Logged

TaoPhoenix
Supporting Member
**
Posts: 3,584



0 - 60 ... then back to 0 again!

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #10 on: March 25, 2014, 09:20:02 PM »

Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).

Or LibreOffice/Notepad2/KingsoftWriter/other?

I only use rtf files when I am being utterly lazy because plain txt doesn't want to capture fonts. The rest of the time I guess I use 2003 style .doc (LibreOffice I am looking at you, quit burying it in the settings!)

In a silly other note it's amusing no one has yet (that I know of) made a Botnet Detector game.
"Your machine has been Pwned. What do you want to do?

A. Send 1.6 million emails
B. Participate in a DDOS
C. Play Minefield like it is 1997
"
Logged
Stoic Joker
Honorary Member
**
Posts: 5,322



View Profile WWW Give some DonationCredits to this forum member
« Reply #11 on: March 25, 2014, 10:21:47 PM »

Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).

Or LibreOffice/Notepad2/KingsoftWriter/other?

True, but I'm looking at/for something that is lite, fast, and native. WordPad is already there by default and quick enough, which is why I use it and .rtf for all the server documentation on our cloud system ... As there is no way in hell I'm installing Office on any of the host servers. smiley
Logged
apankrat
Supporting Member
**
Posts: 124


View Profile WWW Give some DonationCredits to this forum member
« Reply #12 on: March 26, 2014, 07:18:30 AM »

Public service announcement

If you have to use Word or open RTF emails in Outlook, install EMET and enable it for both apps. In fact, it's generally not a bad idea to keep EMET enabled for your email client, your browser and the flash player *at all times*. Doing so plugs quite a few attack vectors and helps mitigating zero-days.
Logged
40hz
Supporting Member
**
Posts: 10,723



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #13 on: March 26, 2014, 11:12:15 AM »

As there is no way in hell I'm installing Office on any of the host servers.

 Grin I sure hope not!  In any IT department worthy of the name, doing so would be an awfully creative way to "tender one's resignation" wouldn't it? Cool
Logged

Don't you see? It's turtles all the way down!
Shades
Member
**
Posts: 1,669


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #14 on: March 26, 2014, 01:58:00 PM »

Ooops. Then I am in trouble.

In my defense: I need to send and receive encrypted mail in 3rd party software for (very) specific B2B traffic. This is actually the law in the Netherlands (participants in this traffic have to comply, else they can expect heavy fines or even exclusion which means bankruptcy).

Unfortunately that requires extended MAPI(this is by Microsoft design) which is only supported in Outlook, which requires me to do a (partial) Office installation on a server.

But I do recognize the irony in this. To be able to communicate securely I need to install software known to be insecure and destabilizing a Windows installation.
Logged
40hz
Supporting Member
**
Posts: 10,723



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #15 on: March 26, 2014, 02:36:24 PM »

Unfortunately that requires extended MAPI(this is by Microsoft design) which is only supported in Outlook, which requires me to do a (partial) Office installation on a server.

But I do recognize the irony in this. To be able to communicate securely I need to install software known to be insecure and destabilizing a Windows installation.

Good lord! And here I thought the Dutch were way ahead of us when it came to saying "NO" to this sort of nonsense... undecided
Logged

Don't you see? It's turtles all the way down!
Vurbal
Supporting Member
**
Posts: 492



Mostly harmless

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #16 on: March 26, 2014, 09:40:25 PM »

Unfortunately that requires extended MAPI(this is by Microsoft design) which is only supported in Outlook, which requires me to do a (partial) Office installation on a server.

But I do recognize the irony in this. To be able to communicate securely I need to install software known to be insecure and destabilizing a Windows installation.

Good lord! And here I thought the Dutch were way ahead of us when it came to saying "NO" to this sort of nonsense... undecided

Maybe that's the problem. Perhaps their bureaucrats felt the country was falling behind in the important metric of impossible demands on IT. They could just be hoping to catch up to the rest of the world.
Logged

Outside of a dog, a book is a man's best friend. Inside of a dog it's too dark to read.
- Groucho Marx

Follow the path of the unsafe, independent thinker. Expose your ideas to the danger of controversy. Speak your mind and fear less the label of ''crackpot'' than the stigma of conformity.
- Thomas J. Watson, Sr

It's not rocket surgery.
- Me


I recommend reading through my Bio before responding to any of my posts. It could save both of us a lot of time and frustration.
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.053s | Server load: 0.05 ]