Comments on: Another Word zero-day bug used in attacks

A fourth yet-to-be-patched security vulnerability in Microsoft Word is actively being exploited in cyberattacks, the company has warned.

[mwsmith824]

Prevent word documents from being distributed???

"Businesses should put policies in place to prevent Word documents from being distributed to users, Symantec said."

You've got to be kidding me? Most businesses would have to shut down if they couldn't send word documents within the organization. How about a useful recommendation, like finding another word processing program, or perhaps making the same noise you do about major worms in the press and getting Microsoft to release something faster to avoid a negligence lawsuit.

[rcrusoe]

Re: a useful recommendation

OK, here's a suggestion. If the recipient doesn't need to edit the files send him a PDF. If he does, save your documents as RTF files rather than DOC? Or better yet, save them as ODF.

http://sourceforge.net/project/showfiles.php?group_id=169337

Word's Doc files been biting people in the backside for years. If they aren't carrying a malicious payload, they are blabbing your secrets.

http://news.bbc.co.uk/2/hi/technology/3154479.stmbbing secrets.

[kevsmail]

Don't distribute Word docs at work?!?!?

Totally unrealistic in today's business world, with MS Office dominating the desktop. We are constantly having to email Word and Excel docs back and forth between staff to conduct business. The only realistic approach is to either have MS fix these flaws quicker and to have your IT staff be vigilant about updated virus protection for all workstations...

[boomslang]

Don't worry, it will all be cured when the...

Feinstein bill gets through congress that holds people responsible for computer intrusions due to lack of maintenance. Then it will be a crime to knowingly run any Microsoft Office products on the internet or use them to freely exchange files generated by Microsoft Office. Here we are, three months and counting. Four known holes will be fixed in February, only for us to be left hanging in the breeze for another month while the fifth and latest waits to be patched. Don't worry, the attacks are targetted, very few people are being compromised, STBY if you are the target. Nuke and reload is in your future after your company's private data is stolen.

[alinconstantin]

Yes, don't send documents by mail

There are plenty of other solutions to share documents. You don't have to send them attached in mail.
You can put them for instance on a known/trusted file share and send the link, or better put them into a known/trusted SharePoint or web server the whole team is using, or check them in into your source control/content management database, etc.
Or if you really need to send content by mail you can simply send mail in RTF format and copy/paste from the Word/Excel doc into your message.
Someone must be insane to insist opening attached documents received in email (no matter of their formats) after all the viruses and worms that circulated in the last years...

[wbenton]

Stop using Microsoft will fix the problem

Critical flaws are to be patched within 24 hours.

Non-critical flaws are to be patched within 72 hours.

Microsoft has been aware of at least 3 zero-day flaw more than a week prior to their January Security Updates... and that was 2 weeks ago.

Shows how concerned Microsoft is about the security of their users!

Bottom Line: Swap to Linux and resolve the slow patching track-record of Microsoft.

Walt