Microsoft advises 'safe mode' for Word

In the wake of at least one targeted attack that exploits a new flaw in Word, Microsoft is advising users to run the application in "safe mode."

Running Word in the restricted mode will not fix the vulnerability, but it will help block known modes of attack, Microsoft said in a security advisory published late Monday. The software maker is also developing a security update for Word, which should be available on June 13 or sooner, as warranted, the company said.

Enabling "safe mode" is a two-step process. The first part involves disabling the use of Word as an e-mail client, the second is appending "/safe" to the command line that starts Word. Microsoft provides instructions for home and enterprise users in its security advisory.

News of the Word flaw and attack surfaced last week. Word 2002 and Word 2003 are vulnerable, but Word 2000 is not, Microsoft said. For an attack to be carried out, a PC user must open a malicious Word document sent in an e-mail or otherwise provided by an attacker, it said.

Aside from changing the way Word runs, people can protect their systems by being careful in the opening of Word documents received as an unexpected e-mail attachment, Microsoft said.

[Roman12]

Word?

What has the world come to? Your word processor is now vulnerable to attacks. Absolutely ridiculous... Didn't see this coming..

I'm not even going to bother with the whole safe mode thing, I'll start using my portable OpenOffice more often.. At least until the fix.
______________________________
R.K.
http://www.Remove-All-Spyware.com

[alba tross]

What? again..

Microsoft Orifice has had these problems for years! Macro viruses were a huge problem several years ago. All because Microsoft thinks that their office suite is a development platform!

[talus7]

WORD UP!

Another option for the LAMEDOWS users is using a reliable operating system like APPLES OSX that comes with applications that by default do not come by with vulnerabilities. Windows philosophy of having everything tied in into the os design always comes back and bites them in the @$$.

[Jesus#2]

the...

wonderful world of windows.....

[Jackson Cracker]

unsafe by default

Unfortunately, that's typical for Microsoft.

[nrlz]

not in reduced mode by default

Who would want to use safe mode by default? In safe mode:
* No templates can be saved.
* Toolbar or command bar customizations are not loaded and customizations cannot be saved.
* The AutoCorrect list is not loaded and changes are not saved.
* Recovered documents are not automatically opened.
* All command line options are ignored except "/a" and "/n".
* Files cannot be saved to the Alternate Startup Directory.
* Preferences cannot be saved.
* Additional features and programs will not automatically load.
* Documents with restricted permission cannot be created or opened.

[Maccess]

Safe mode?

So to use MS Word safely you need to turn off the few remaining features that distinguish it from the free OpenOffice.org?

Gheezh, just use OpenOffice.org to open the files. It's a free download, opens corrupted Word documents, doesn't have Word's vulnerabilities and works fine alongside your MS Office installation.

[maxwis]

Like Their Advice Using IE

Everytime there is a security hole in IE, Microsoft's advice is to set security to high. Basically this breaks sites that use Java and ActiveX, in short, almost every site.

[rcrusoe]

Re: safe mode

The sad fact is that most Windows users are incapable of
completing the MS two step method for putting Word into 'safe
mode".

The only thing that can truly protect the average desktop computer
user is a safe operating system. Unfortunately Microsoft doesn't
offer one for sale.

[Hernys]

Vulnerabilities in OpenOffice

It is true, Open Office doesn't have the same vulnerabilities. It has others.

[fc11]

No new stuff in this story

Whoever wrote this store have not take some basic education in computer security ... If you open attachments in spam mails, you are doomed. I never felt confortable to open any links or attachements from spam mails. From a security perspective, documents as complex as a Word document (either MS word or Open office) is quite impossible to harden. Think of how many vulnerabilities there are in IE, Firefox, Apple etc, and I would argue that the word documents are more complex and should be more vulnerable.

If you are so careless that you open any attachment from a email, then probably you would open a executable attachment as well. Then no matter what Microsoft do, your computer will be infected.

[Maccess]

Not a fault of the document format

OpenOffice.rog doesn't dig in deep into the operating system like MS Office, so it has fewer vulnerabilities. For one thing, VB isn't a built-in "Feature," so its relatively safer to open a Word document in OpenOffice.org than MS Office.

[fc11]

No new stuff in this story

Whoever wrote this store have not take some basic education in computer security ... If you open attachments in spam mails, you are doomed. I never felt confortable to open any links or attachements from spam mails. From a security perspective, documents as complex as a Word document (either MS word or Open office) is quite impossible to harden. Think of how many vulnerabilities there are in IE, Firefox, Apple etc, and I would argue that the word documents are more complex and should be more vulnerable.

If you are so careless that you open any attachment from a email, then probably you would open a executable attachment as well. Then no matter what Microsoft do, your computer will be infected.

[geekmanager]

lol

I saw this coming years ago. I've completely uninstalled all MS Office products and have installed OpenOffice instead. I use it exclusively for all my personal and business needs. Once I learned it, I've never looked back. I just can't trust MS anymore. I continue to advise all my customers to migrate away from MS Office. It's just not worth the risk any more.

[skydigger]

stop confusing me Bill

i couldn't operate win95,98 kept crashing on me,xp seems to do what it wants,and now me office is going to play with my email security.at $200-800 an operating system or office app,i think this asks the question do we realy need another substandard operating system.

[Hernys]

Can I sell you a lightbulb for $100

Windows costs about $25 (if bought with the computer, which 90% of users do). Office costs more, but there's no version of Office that reaches the price you mention.
So I think it is your purchasing methods that are substandard.
BTW, if XP keeps crashing on you, then YOU have a problem. Doesn't happen with my machine, or with my wife's.
I once tried Linux, but it had about the same issues and vulnerabilities, and installing fixes was even more cumbersome, so I didn't see the advantage and moved back to something that at least runs the apps I need.