DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


Go Back   Desktop Publishing Forum > General Discussions > General Publishing Topics

Reply
 
Thread Tools Display Modes
Old 12-07-2006, 08:39 AM   #1
ktinkel
Founding Sysop
 
ktinkel's Avatar
 
Join Date: Oct 2004
Location: In Connecticut, on the Housatonic River near its mouth at Long Island Sound.
Posts: 11,189
Default MS Word security advisory

From Microsoft:
Microsoft is investigating a new report of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.


As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.
[. . .]
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
I guess the main point is to be careful with e-mail attachments. From anyone.

   
__________________
[SIZE=2][COLOR=LemonChiffon]::[/COLOR][/SIZE]
[SIGPIC][/SIGPIC]
ktinkel is offline   Reply With Quote
Old 12-11-2006, 06:40 AM   #2
Kelvyn
Staff
 
Kelvyn's Avatar
 
Join Date: Feb 2005
Location: In the Heart of the English Lake District
Posts: 1,381
Default Beware of Word docs

I noticed this security issue report last week, affecting Word on Windows as well as Macs, and today another vlnerability has come to light.

Patches for the vulnerabilities are apparently not likely to be released in the December Windows update, due this Tuesday, 12th. How to Mac users get hold of the patch??

The advice is not to open or save any untrusted Word .doc files, as a trojan is already out in the wild!

   
__________________
Kelvyn

Web site design, hosting and marketing, Keswick in the UK Lake District

If you are planning a visit to Keswick then try Keswick Tourist Information website

Kelvyn is offline   Reply With Quote
Old 12-11-2006, 06:58 AM   #3
ktinkel
Founding Sysop
 
ktinkel's Avatar
 
Join Date: Oct 2004
Location: In Connecticut, on the Housatonic River near its mouth at Long Island Sound.
Posts: 11,189
Default

I just merged this with the earlier notification of the problem; no sense having two threads.

   
__________________
[SIZE=2][COLOR=LemonChiffon]::[/COLOR][/SIZE]
[SIGPIC][/SIGPIC]
ktinkel is offline   Reply With Quote
Old 12-11-2006, 07:40 AM   #4
Kelvyn
Staff
 
Kelvyn's Avatar
 
Join Date: Feb 2005
Location: In the Heart of the English Lake District
Posts: 1,381
Default

Ah I failed to see the earlier post. This latest report is quite worrying though, as 2 different vulerablities being reported within a week is a eye opener - and interestingly, it appears that Word 2007 is not affected.....

   
__________________
Kelvyn

Web site design, hosting and marketing, Keswick in the UK Lake District

If you are planning a visit to Keswick then try Keswick Tourist Information website

Kelvyn is offline   Reply With Quote
Old 12-11-2006, 08:26 AM   #5
Michael Rowley
Member
 
Join Date: Jan 2005
Location: Ipswich (the one in England)
Posts: 5,105
Default

Kelvyn:

Quote:
The advice is not to open or save any untrusted Word .doc files
That always was the advice since the first potentially malicious VBA macro was discovered, several years ago.

   
__________________
Michael
Michael Rowley is offline   Reply With Quote
Old 12-11-2006, 08:29 AM   #6
Michael Rowley
Member
 
Join Date: Jan 2005
Location: Ipswich (the one in England)
Posts: 5,105
Default

Kelvyn:

Quote:
it appears that Word 2007 is not affected
Does that include '.doc's produced by Word 2007? '.doc' indicates the existing format, I believer.

   
__________________
Michael
Michael Rowley is offline   Reply With Quote
Old 12-11-2006, 09:01 AM   #7
LoisWakeman
Staff
 
LoisWakeman's Avatar
 
Join Date: Jan 2005
Location: Uplyme, Devon, England
Posts: 1,402
Default

Perhaps because you were up to your eyes in water? I hope the phenomenal rainfall hasn't affected you adversely.
LoisWakeman is offline   Reply With Quote
Old 12-11-2006, 09:21 AM   #8
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,742
Default

Amen to that.

Holding down the SHIFT key while opening a Word doc still disables any macros it contains, doesn't it?

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 12-11-2006, 10:04 AM   #9
Kelvyn
Staff
 
Kelvyn's Avatar
 
Join Date: Feb 2005
Location: In the Heart of the English Lake District
Posts: 1,381
Default

Quote:
Originally Posted by LoisWakeman View Post
Perhaps because you were up to your eyes in water? I hope the phenomenal rainfall hasn't affected you adversely.
We are in a rain shadow just here in the village. Was a lot of water elsewhere, though, and a lot more expected Wednesday/Thursday.

   
__________________
Kelvyn

Web site design, hosting and marketing, Keswick in the UK Lake District

If you are planning a visit to Keswick then try Keswick Tourist Information website

Kelvyn is offline   Reply With Quote
Old 12-11-2006, 11:22 AM   #10
Michael Rowley
Member
 
Join Date: Jan 2005
Location: Ipswich (the one in England)
Posts: 5,105
Default

Steve:

Quote:
Holding down the SHIFT key while opening a Word doc still disables any macros it contains
I suppose it is equivalent to using a switch to start Word, but as I usually want my own macros to work, I never use any switch but /mFile1. I don't open Word documents that I don't know the origin of, and, of course, I have got Windows to reveal extensions (a silly default, making your doing that a matter of deliberate choice to do the right thing).

   
__________________
Michael
Michael Rowley is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Beware moving in PDFs Robin Springall Print Production & Automation 7 02-12-2007 10:39 AM
Importing Arabic word docs into indesign rbb Print Design 7 08-28-2006 09:37 AM
Tiger, Safari and PDF docs annc General Publishing Topics 16 01-31-2006 02:27 PM
Reader 7.0.1 fixes links from Office docs Steve Rindsberg Print Production & Automation 2 04-19-2005 09:36 PM


All times are GMT -8. The time now is 11:41 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Contents copyright 2004–2014 Desktop Publishing Forum and its members.