May 23, 2006 4:25 PM PDT

Microsoft advises 'safe mode' for Word

In the wake of at least one targeted attack that exploits a new flaw in Word, Microsoft is advising users to run the application in "safe mode."

Running Word in the restricted mode will not fix the vulnerability, but it will help block known modes of attack, Microsoft said in a security advisory published late Monday. The software maker is also developing a security update for Word, which should be available on June 13 or sooner, as warranted, the company said.

Enabling "safe mode" is a two-step process. The first part involves disabling the use of Word as an e-mail client, the second is appending "/safe" to the command line that starts Word. Microsoft provides instructions for home and enterprise users in its security advisory.

News of the Word flaw and attack surfaced last week. Word 2002 and Word 2003 are vulnerable, but Word 2000 is not, Microsoft said. For an attack to be carried out, a PC user must open a malicious Word document sent in an e-mail or otherwise provided by an attacker, it said.

Aside from changing the way Word runs, people can protect their systems by being careful in the opening of Word documents received as an unexpected e-mail attachment, Microsoft said.

See more CNET content tagged:
Microsoft Word, attack, flaw, Microsoft Corp., security

19 comments

Join the conversation!
Add your comment
Word?
What has the world come to? Your word processor is now vulnerable to attacks. Absolutely ridiculous... Didn't see this coming..

I'm not even going to bother with the whole safe mode thing, I'll start using my portable OpenOffice more often.. At least until the fix.
______________________________
R.K.
<a class="jive-link-external" href="http://www.Remove-All-Spyware.com" target="_newWindow">http://www.Remove-All-Spyware.com</a>
Posted by Roman12 (214 comments )
Reply Link Flag
What? again..
Microsoft Orifice has had these problems for years! Macro viruses were a huge problem several years ago. All because Microsoft thinks that their office suite is a development platform!
Posted by alba tross (17 comments )
Link Flag
WORD UP!
Another option for the LAMEDOWS users is using a reliable operating system like APPLES OSX that comes with applications that by default do not come by with vulnerabilities. Windows philosophy of having everything tied in into the os design always comes back and bites them in the @$$.
Posted by talus7 (15 comments )
Link Flag
the...
wonderful world of windows.....
Posted by Jesus#2 (127 comments )
Reply Link Flag
unsafe by default
Unfortunately, that's typical for Microsoft.
Posted by Jackson Cracker (272 comments )
Reply Link Flag
not in reduced mode by default
Who would want to use safe mode by default? In safe mode:
* No templates can be saved.
* Toolbar or command bar customizations are not loaded and customizations cannot be saved.
* The AutoCorrect list is not loaded and changes are not saved.
* Recovered documents are not automatically opened.
* All command line options are ignored except "/a" and "/n".
* Files cannot be saved to the Alternate Startup Directory.
* Preferences cannot be saved.
* Additional features and programs will not automatically load.
* Documents with restricted permission cannot be created or opened.
Posted by nrlz (98 comments )
Link Flag
Safe mode?
So to use MS Word safely you need to turn off the few remaining features that distinguish it from the free OpenOffice.org?

Gheezh, just use OpenOffice.org to open the files. It's a free download, opens corrupted Word documents, doesn't have Word's vulnerabilities and works fine alongside your MS Office installation.
Posted by Maccess (610 comments )
Reply Link Flag
Like Their Advice Using IE
Everytime there is a security hole in IE, Microsoft's advice is to set security to high. Basically this breaks sites that use Java and ActiveX, in short, almost every site.
Posted by maxwis (141 comments )
Link Flag
Re: safe mode
The sad fact is that most Windows users are incapable of
completing the MS two step method for putting Word into 'safe
mode".

The only thing that can truly protect the average desktop computer
user is a safe operating system. Unfortunately Microsoft doesn't
offer one for sale.
Posted by rcrusoe (1305 comments )
Link Flag
Vulnerabilities in OpenOffice
It is true, Open Office doesn't have the same vulnerabilities. It has others.
Posted by Hernys (744 comments )
Link Flag
No new stuff in this story
Whoever wrote this store have not take some basic education in computer security ... If you open attachments in spam mails, you are doomed. I never felt confortable to open any links or attachements from spam mails. From a security perspective, documents as complex as a Word document (either MS word or Open office) is quite impossible to harden. Think of how many vulnerabilities there are in IE, Firefox, Apple etc, and I would argue that the word documents are more complex and should be more vulnerable.

If you are so careless that you open any attachment from a email, then probably you would open a executable attachment as well. Then no matter what Microsoft do, your computer will be infected.
Posted by fc11 (48 comments )
Reply Link Flag
Not a fault of the document format
OpenOffice.rog doesn't dig in deep into the operating system like MS Office, so it has fewer vulnerabilities. For one thing, VB isn't a built-in "Feature," so its relatively safer to open a Word document in OpenOffice.org than MS Office.
Posted by Maccess (610 comments )
Link Flag
No new stuff in this story
Whoever wrote this store have not take some basic education in computer security ... If you open attachments in spam mails, you are doomed. I never felt confortable to open any links or attachements from spam mails. From a security perspective, documents as complex as a Word document (either MS word or Open office) is quite impossible to harden. Think of how many vulnerabilities there are in IE, Firefox, Apple etc, and I would argue that the word documents are more complex and should be more vulnerable.

If you are so careless that you open any attachment from a email, then probably you would open a executable attachment as well. Then no matter what Microsoft do, your computer will be infected.
Posted by fc11 (48 comments )
Reply Link Flag
lol
I saw this coming years ago. I've completely uninstalled all MS Office products and have installed OpenOffice instead. I use it exclusively for all my personal and business needs. Once I learned it, I've never looked back. I just can't trust MS anymore. I continue to advise all my customers to migrate away from MS Office. It's just not worth the risk any more.
Posted by geekmanager (1 comment )
Reply Link Flag
stop confusing me Bill
i couldn't operate win95,98 kept crashing on me,xp seems to do what it wants,and now me office is going to play with my email security.at $200-800 an operating system or office app,i think this asks the question do we realy need another substandard operating system.
Posted by skydigger (1 comment )
Reply Link Flag
Can I sell you a lightbulb for $100
Windows costs about $25 (if bought with the computer, which 90% of users do). Office costs more, but there's no version of Office that reaches the price you mention.
So I think it is your purchasing methods that are substandard.
BTW, if XP keeps crashing on you, then YOU have a problem. Doesn't happen with my machine, or with my wife's.
I once tried Linux, but it had about the same issues and vulnerabilities, and installing fixes was even more cumbersome, so I didn't see the advantage and moved back to something that at least runs the apps I need.
Posted by Hernys (744 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.