For the second time this year, Microsoft has issued a notice of a remote code execution vulnerability in Word for which there is no patch. Their suggested workaround is "Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file." If you rely on exchanging Word documents for your business, this means shut down your business or risk infection with zero-day malware that can compromise your systems.
Secunia has rated this as "extremely critical," their most serious vulnerability rating.
The last time this happened was in May, and it took Microsoft 26 days to come up with a patch, during which time there were attacks on various enterprises from systems in China.
This problem affects Word 2000, 2002, and 2003 for Windows, Microsoft Works 2004, 2005, and 2006, Word Viewer 2003, and Word 2004 for Macintosh.
I recommend switching to OpenOffice and Macintosh. If you must use Windows in a business environment, this presents a strong argument for not giving users administrative rights on their own machines (or at least not on the user they log in as to use Word) in order to limit what damage can occur from the exploitation of a vulnerability like this.
UPDATE (December 15, 2006): There have now been three such Word vulnerabilities discovered in the last two weeks!
The iWork suite for a Mac, including Pages and Keynote, is fantastic. Pages also exports flawlessly to multiple forms (including PDF and Word).
I just think everyone should be switching to Apple products though.
Well, NASA is taking this seriously: http://www.msnbc.msn.com/id/16095705/from/RS.2/
Guess they don't want their shuttle getting sick on orbit.
Jen,
Do you think that Apple is invulnerable to malicious software, and that's why we should switch?
My office uses WordPerfect, which has a few features that I like, compared with MS Word, but truthfully it has many other "features" that I find incredibly frustrating.
Mac OS X is definitely not invulnerable--it has had serious security issues in the past, including 9 (10%) still unpatched. It has a few design advantages (e.g., the way administrative privileges are handled by default, such as the root account being disabled), the advantage of being a less attractive target for hackers due to there being fewer instances out there, and the advantage of the Darwin component of the OS being open source.