Word 0-days
Tuesday 12th December, 2006 04:21 Comments: 1
Last Wednesday, Microsoft posted an advisory for a targeted "zero-day" attack using a Microsoft Word vulnerability, which McAfee are now referring to as Microsoft Word 0-Day Vulnerability I. They analyzed a Word Document sample for MessageLabs and Microsoft confirmed upon their request that it was Microsoft Word 0-Day Vulnerability II.
McAfee previously mentioned that non-executable file formats being a popular vector in recent years; and believe that this is a trend that will continue into 2007 and deserves to be given ample consideration in planning for security resources, policies and user education programs. I agree that non-executable file formats are becoming more popular, and that the trend will continue, but I also think that Office 2007 might be more resilient to such attacks.
Want some proof? Well the Microsoft Security Response Center Blog stated that "Our initial investigation has discovered that Word 2000, Word 2002, Word 2003 and the Word Viewer 2003 are affected, but Word 2007 is NOT affected by the vulnerability". It's not entirely clear whether Word 2007 is not affected by the Word 0-Day Vulnerability 1, but the advisory only lists "Word 2000, Word 2002, Word 2003, Word Viewer 2003, Word 2004 for Mac, Word 2004 v. X for Mac, Works 2004, 2005, and 2006" (which is the same as those listed for II) so I presume Word 2007 isn't affected by either of these 0-days.
Sadly, this means that attackers will go for the next best thing: anti virus software, third party drivers, popular file formats such as playlist files, graphics, and possibly - and this is just my personal belief - container files (the type used to store multiple audio, video, images, subtitles).
McAfee previously mentioned that non-executable file formats being a popular vector in recent years; and believe that this is a trend that will continue into 2007 and deserves to be given ample consideration in planning for security resources, policies and user education programs. I agree that non-executable file formats are becoming more popular, and that the trend will continue, but I also think that Office 2007 might be more resilient to such attacks.
Want some proof? Well the Microsoft Security Response Center Blog stated that "Our initial investigation has discovered that Word 2000, Word 2002, Word 2003 and the Word Viewer 2003 are affected, but Word 2007 is NOT affected by the vulnerability". It's not entirely clear whether Word 2007 is not affected by the Word 0-Day Vulnerability 1, but the advisory only lists "Word 2000, Word 2002, Word 2003, Word Viewer 2003, Word 2004 for Mac, Word 2004 v. X for Mac, Works 2004, 2005, and 2006" (which is the same as those listed for II) so I presume Word 2007 isn't affected by either of these 0-days.
Sadly, this means that attackers will go for the next best thing: anti virus software, third party drivers, popular file formats such as playlist files, graphics, and possibly - and this is just my personal belief - container files (the type used to store multiple audio, video, images, subtitles).
Robert - Saturday 16th December, 2006 02:07 Talking of playlists, it seems there was one that affected WMP (although not WMP 11, which I've been using for ages: initially the beta, now the full version) that was patched a couple days after I posted this entry.
http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx
I thought it was odd that they listed Windows Vista separately as non-affected software, seeing as it comes with WMP11, which they also said isn't affected. Perhaps they just enjoy pointing out that Vista (and Word 2007) is pretty damn good.
http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx
I thought it was odd that they listed Windows Vista separately as non-affected software, seeing as it comes with WMP11, which they also said isn't affected. Perhaps they just enjoy pointing out that Vista (and Word 2007) is pretty damn good.