Get patching

Microsoft have released security patches to address critical flaws in Excel and some other Office components. Details here; it looks like 2003 SP3 and 2007 SP1 are largely unaffected, but they are still worth patching to keep everything in sync.

El Reg has some info here too.

The key point I wanted to make, which people seem to miss, is that this exploit (like many others) does not require macros, so clicking ‘disable macros’ doesn’t keep you safe. It is simply a malformed file: it may contain no macros, or no data at all, just a particular binary sequence.

Another point worth mentioning is that in this attack, like many others, the attacker gets the same rights as the user they compromised. This is why so many security pros recommend running as the most limited-rights user you can. Unfortunately, to get any development done it’s much less hassle to run as admin, and sadly that means an attacker would get admin rights too.
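A small check of the least-privilege point above, as an added example that is not part of the original post. It uses the .NET WindowsPrincipal API to report whether the current session holds Administrators rights (which is what a document exploit in that session would inherit), and, assuming Excel is installed and exposes the standard Excel.Application COM object, reports the Excel version and build so you can confirm the patch actually landed. The build number to compare against is the one in Microsoft’s bulletin; none is hard-coded here.

```powershell
# Added example, not from the original post. Assumes Windows with PowerShell
# and, for the second function, an installed Excel exposing Excel.Application.

function Test-IsAdminSession {
    # True when the current token carries the built-in Administrators role:
    # an elevated session on Vista and later, or plain membership of the
    # Administrators group on XP/2003. An exploit running in this session
    # gets exactly these rights.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ExcelVersionInfo {
    # Starts a hidden Excel instance, reads Application.Version (e.g. "11.0"
    # for 2003, "12.0" for 2007) and Application.Build, then shuts it down.
    try {
        $excel = New-Object -ComObject Excel.Application
        $info  = New-Object PSObject -Property @{
            Version = $excel.Version
            Build   = $excel.Build
        }
        $excel.Quit()
        [void][Runtime.InteropServices.Marshal]::ReleaseComObject($excel)
        return $info
    } catch {
        return $null   # Excel not installed, or COM automation unavailable
    }
}

$user = [Security.Principal.WindowsIdentity]::GetCurrent().Name
if (Test-IsAdminSession) {
    Write-Warning "$user is running with administrative rights; a malformed document opened here would get the same rights."
} else {
    Write-Host "$user is a limited user; an exploit here is confined to that account's rights."
}

$excelInfo = Get-ExcelVersionInfo
if ($excelInfo) {
    Write-Host ("Excel version {0}, build {1}. Compare the build against the patched build in the bulletin." -f $excelInfo.Version, $excelInfo.Build)
} else {
    Write-Host "Excel.Application not available; check the patch level another way."
}
```

Run it once from the account you normally develop in: if the warning fires, that account is the one an Excel exploit would run as, which is the whole reason for the limited-user advice above.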

If you apply the patches and have any problems let us know.

cheers

simon


3 Responses to “Get patching”

  1. Harlan Grove Says:

    Gotta wonder how Unix/Linux/BSD does it, allowing mere accounts to run compilers, linkers and debuggers. Could it have anything to do with the basic OS design? That might explain why it’s possible to run Linux and BSD from read-only media but not Windows.

    To be fair to Microsoft, they’re stuck needing to provide lower level access for older software written for Windows before Microsoft got security religion. They’re not responsible for new code written that uses old features. Which, I suppose, explains the push towards .Net.

  2. Simon Says:

    I believe the backwards compatibility is like a millstone round their neck.

    just look at the outrage because Vista doesn’t run some shoddy out of date code.

    Apple have a big advantage in building their own hardware and sorting their drivers themselves.

  3. Stephane Rodriguez Says:

    I wonder what would be the PR effect of a .xlsx file (supposed to be XML, not binary) cleverly corrupted to take control of a machine, just like with .xls files.

    Until later this month, this could have devastating effects for Microsoft OOXML PR.
