Unpatched Microsoft Word flaw affects Macs too

“Microsoft has warned of a serious – and as yet unpatched vulnerability – in Word. Hackers (albeit to a limited extent) are exploiting the zero-day flaw in its ubiquitous Office application, Redmond warns,” John Leyden reports for The Register.

Leyden reports, “The flaw – which stems from an unspecified memory corruption bug – doesn’t just affect Windows users. Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, along with Microsoft Works 2004, 2005, and 2006 are all potentially vulnerable. Users tricked into opening maliciously constructed Word files are liable to find their systems compromised.”

More info and links here.

[Thanks to MacDailyNews Reader “Chas” for the heads up.]

MacDailyNews Note: Microsoft’s Security Advisory (929433 – almost time to add another digit there, M’Soft) states: “In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Do not open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.”

Related MacDailyNews article:
Mac users should not buy Microsoft software (or hardware) – May 16, 2003

41 Comments

  1. Bill Gates said in 1993:
    With advancing technology, in the next three years spam will be a thing of the past.

    NY Times today:
    Quoting the above – there is now double the spam as in 2003.

    Zune Tang’s conclusion:
    Bill must have this new technology only in Vista.

    My conclusion:
    Add this to the 640K estimation as enough RAM to MS’s level of prophecy. Now I am glad that the UniBinary Office 2007 will not have VB macro capabilities, only AppleScript.

  2. re: stormy. Yeh, it’s a bummer that the business world relies on M$, but I still make a helluva lotta money NOT using their crap products.

    There’s always a way to avoid using M$, I kinda enjoy rising to the challenge and bypassing Micro$haft products, and still getting the job done.

    Word, in one Word, is shit. I’d rather use a typewriter.

  3. The only reason why people still use Office is because their managers (and higher ups) don’t know any better, and IT tells them it is necessary. If the managers knew that they could install another mail server product and run Open Office on their user machines, and get the same results, they would shit their pants. After all, they just care about the bottom line anyway.

    And NeoOffice for OS X was the best thing to happen to Open Office. No X11 or XDarwin required.

  4. “STILL NO ONE HERE HAS RESPONDED TO THE QUESTION : WHAT HAPPENS TO THE MAC WITH THIS OFFICE ISSUE?”

    It will cause your Mac to [grin]

    Seriously, this is one of those cases where obscurity will probably help. First, Mac Office runs in Rosetta/PowerPC. So any exploit will also have to be written using the PowerPC ISA. As always, the obscurity of PowerPC will probably help protect Mac users. Since you can’t really do a “cross-platform” virus in this case, malicious folks will probably do an Intel version for Windows and be done with it.

    So I wouldn’t panic too much about Word documents in Mac Word. The worst that would happen is that it will try to execute Intel instructions and crash.

  5. From 1991 to 1998 I declared a private war on Microsoft and refused to have anything from Microsoft on my Hard drive or in my computer. I did quite well with WordPerfect and other replacements.

    Then I resigned and joined the club and used MS Explorer and Office.

    Well, me thinks it is time to purge my HD of all things Microsoft once again!

  6. hey, mr. don’t pass the koolaid – what’s your deal? word is shitty, it doesn’t do what i need it to do and it tries to do things that i want it to stop. i don’t use it, i don’t have to and i don’t understand what that has to do with drinking jobs’ koolaid. and, incidentally, you get that this is a mac site, right? yeah, we probably like these products more than others. get a clue.

  7. To “Don’t pass the koolaid” who posted:
    “Maybe you guys should start looking at the fires in your own houses, too. Where’s the mention of the numerous patches for apps running on OSX because of vulnerabilities found?”

    Difference is Apple patches BEFORE anyone in the wild gets hurt.
    Micro$oft patches AFTER half the world’s computers have crashed and burned.

    Who cares about counting PATCHES you dufus…. give me a count of the actual number of compromised Apple systems in the wild?

    Apply the rest of your post to yourself please: “What’s that? I can’t hear you. Thought so. Now shut the hell up.”

  8. Re: What Happens to the Mac with this Office (sic) Issue?

    If you read carefully, Microsoft is the source of this warning and they are saying that there is a potential for pwnage of a system (they aren’t specific about which kind of system) by opening a specially crafted Word file. They also hint that this method may already be in play, but again, no specifics on how the “system” was affected. Everyone else is just repeating the Microsoft warning.

    So is your Mac in danger? Only Microsoft really knows.

    Is this a bit of FUD mixed in with the usual Windows security issues? Again, only Microsoft knows for sure.

    The only safe course of action is to avoid Word files, at least until this is patched.

  9. What a bunch of crap — have not seen ANY specific details as to HOW this Word malware affects the Mac — ONLY some *boogeyman-under-the-bed* sort of warning — *booga**booga**BOO*!!

    And, SOMEHOW, this is partially the fault of the Mac OSX system, according to some of the Windblows fanboyz who can’t spell HTML without a cheat-sheet?

    Niffy
