Results 1 to 5 of 5
  1. #1
    Retired Ray xrayzebra's Avatar
    Post Count
    9,096
    NBA Team
    San Antonio Spurs
    Microsoft: Use MS Word in Safe Mode
    May 23, 2006

    By Ryan Naraine
    Use Microsoft Word in safe mode to protect against targeted zero-day attacks.

    ADVERTISEMENT That's the advice from Microsoft's security response team to counter known attacks against a serious code execution vulnerability in the widely used word processing program.


    RELATED LINKS


    Unofficial Registry Script Blunts MS Word Zero-Day Attack
    Alert Raised for MS Word Zero-Day Attack
    Microsoft Rocked by New IE Zero-Day Flaw Warning
    Zero-Day Exploit Targets IE
    'Killbit' Workaround for Zero-Day IE Flaw Available

    In a pre-patch security advisory, Microsoft said the flaw can be exploited when a user opens a specially crafted Word file using a malformed object pointer.

    This corrupts system memory in such a way that an attacker could execute arbitrary code.

    The flaw can be exploited via the Web or via e-mail but, in both scenarios, an attacker would have to trick a user into opening the rigged Word file.

    In the absence of a patch, independent security researcher Matthew Murphy has released a registry script fix that sets a Software Restriction Policy that runs any instance of 'winword.exe' with the 'Basic User' policy.


    Because the current attack vector requires that the target is running the admin rights, the implementation of software restriction policies can reduce the effects the attack.

    Microsoft's advisory also contains step-by-step instructions for running the vulnerable Word 2002 and Word 2003 in safe mode.

    The company is recommending that users first disable the Outlook feature to use Word as the default mail editor before changing settings to run Word in safe mode.

    "Safe mode disables the functionality and prevents vulnerable code from being exploited," according to the advisory.

    Click here to read more about the early warnings about the MS Word zero-day attacks.

    Microsoft is also offering the following guidelines for Office do ents in safe mode:


    Do not open Word files that are embedded in other applications, such as Excel, PowerPoint and others.

    Even after applying the workarounds, do not open Word files directly from any mail clients—for example, Outlook or Hotmail—by double-clicking them. Save your Word do ent to a disk or onto your desktop and use the "Word Safe Mode" Shortcut.


    Do not open ".doc" files from a Web site via Internet Explorer or any other browser.

    If you do not see "Safe Mode" in Word le bar, you are not running Word in safe mode. Do not attempt to open any Word files as you may be vulnerable to the malicious ".doc" files.

    Use Word Viewer 2003 to open and view files. The free Word Viewer 2003 does not contain the vulnerable code and is not susceptible to this attack.
    In the attacks seen against select targets, two e-mail subject lines have been used. One is simply the word "Notice" and the other reads: "RE Plan for final agreement."

    Two e-mail ".doc" attachments have been reported: "NO.060517.doc.doc," and "PLANNINGREPORT5-16-2006.doc."

    Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

    Copyright (c) 2006 Ziff Davis Media Inc. All Rights Reserved.

    Maybe one of these Days MS will get all their stuff
    together.

  2. #2
    俺はまんこが大好きなんだよ baseline bum's Avatar
    Post Count
    97,883
    NBA Team
    San Antonio Spurs
    College
    UCLA Bruins
    In the absence of a patch, independent security researcher Matthew Murphy has released a registry script fix that sets a Software Restriction Policy that runs any instance of 'winword.exe' with the 'Basic User' policy.
    Spurs Fan?

    I just remember that name being thrown out by my fav Spurs troll of all-time, myballs.

  3. #3
    I can live with it JoeChalupa's Avatar
    Location
    Converse, TX
    Post Count
    21,547
    NBA Team
    San Antonio Spurs
    College
    Ohio State Buckeyes
    Word

  4. #4
    A neverending cycle Trainwreck2100's Avatar
    Post Count
    40,879
    NBA Team
    San Antonio Spurs
    College
    Texas Longhorns

  5. #5
    Injured Reserve Vashner's Avatar
    Post Count
    6,791
    NBA Team
    San Antonio Spurs
    I Haxxxorx U

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •