A new, yet-to-be-patched security hole in Word is being used in targeted cyberattacks, Microsoft has warned.
When a user opens a rigged Word file, it may corrupt system memory in such a way that an attacker could gain complete control over the PC, Microsoft said in a security advisory posted late Wednesday. Office 2000 and Office XP are at risk, the company said. The two recent versions, Office 2003 and 2007, are not affected.
As with most of the Office vulnerabilities, an attacker would have to trick a user into opening a malicious file to be successful. The vulnerability is being exploited in "very limited, targeted attacks," Microsoft said. A security update to repair the problem is in the works, it added.
Word of the new flaw comes a day after Microsoft released updates for nine other Office-related vulnerabilities. Five of them were zero-day flaws, or security holes that have been publicly disclosed but not fixed.
Security experts have said that limited-scale attacks are the most dangerous. Widespread worms, viruses or Trojan horses sent to millions of mailboxes are typically not a grave concern, because they can be blocked. But targeted Trojan horses, especially those aimed at specific businesses, have become nightmares as they can fly under the radar.
Cybercrooks have found that they can take advantage of Microsoft's security update cycle by timing new attacks right before or just after "Patch Tuesday"--the second Tuesday of each month when the software maker releases its fixes. Some security watchers have coined the term "zero-day Wednesday" to describe that strategy.
"Nowadays, security guys break the Mac every single day," Gates said. "Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine."
Would you care for some salt and pepper for your foot Mr. Gates?
I got sick of having 3 years worth of MS patches chew up my disk space so I deleted those useless MSP files. Now every time I try to do an MS Office updated, I get this stupid message. What kind of crappy technology does MS use, where every blasted patch they issue has to consume gobs of disk space? Can't they just put a simple entry in the Registry and be done with it? Oh, I forgot, if they didn't have crappy technology in the first place they wouldn't have to keep issuing patches.
"Office Update is unable to check for updates The Office Update site is unable to check for updates on this computer. This may be happening because of one of the following reasons:
You do not have administrative privileges for this computer. There is a network problem and the detection catalog used by the Office Update site failed to download. Go back to the Downloads home page and try running detection again. Windows Installer patch files (.MSP files) from previously applied Office updates are missing from the \Windows\Installer hidden directory on your computer. MSP files are stored on your computer after update installation completes because they need to be referenced for future update operations. If the files are missing you will not be able to apply Office updates. You may also be unable to uninstall Office products as a result of the same problem."
Think about how nuts this is. First you install a patch which replaces existing .exe or .dll. Then Windoze keeps a "backup" copy of things in case you want to back out the patch. OK, fine. But there is no capability at some point to say, "clean out the old crud patches". So over time you end up with 100s of megs of patch crud that you are stuck with. That is just nuts. Poor, poor, design.
The particular problem with MS Office referencing these old MSP files in order to process future patches doesn't occur with patches to the OS. I delete old XP patch files all the time and never have a problem subsequently running new XP updates.
The makers of two profiles asking Apple to improve conditions for overseas workers will be hand-delivered to a handful of Apple's retail stores tomorrow.
An Internet troll who posts allegedly hateful and racist remarks on Facebook's RIP sites, seems blase about his activities when he is intercepted by a BBC reporter.
After large numbers of longtime 'Burners' failed to get tickets during the event's recent selection process, many claimed organizers had failed to adopt a sensible system. Now, those organizers are trying to calm community anger.
Fabrication is moving to the nanoscale, aided by a super-hard tip 10,000 times smaller than a pencil point that could be used for microscopic biosensors and optical probes.
Greenpeace tries to cast some light on the energy sources behind data centers and commend IT companies that advance clean energy and efficiency through tech. Facebook and Apple aren't quite there yet, it says.
said. "Every single day, they come out with a total exploit, your
machine can be taken over totally. I dare anybody to do that once a
month on the Windows machine."
Would you care for some salt and pepper for your foot Mr. Gates?
"Office Update is unable to check for updates
The Office Update site is unable to check for updates on this computer. This may be happening because of one of the following reasons:
You do not have administrative privileges for this computer.
There is a network problem and the detection catalog used by the Office Update site failed to download. Go back to the Downloads home page and try running detection again.
Windows Installer patch files (.MSP files) from previously applied Office updates are missing from the \Windows\Installer hidden directory on your computer. MSP files are stored on your computer after update installation completes because they need to be referenced for future update operations. If the files are missing you will not be able to apply Office updates. You may also be unable to uninstall Office products as a result of the same problem."
Maybe you shouldn't have deleted the MSP files, the error tells you as much.
"MSP files are stored on your computer after update installation completes because they need to be referenced for future update operations"
this is why a "registry reference" would not work, it need to access parts of code contained within the previous updates.
Or is this a pirated copy of Office?
I bet you could pick up Word Perfect for just about nothing, and it hasn't been updated in years, so have fun.
Your pain, their profit.
The particular problem with MS Office referencing these old MSP files in order to process future patches doesn't occur with patches to the OS. I delete old XP patch files all the time and never have a problem subsequently running new XP updates.