Attackers targeting Microsoft Office with no quarter
From the eWeek Security blog:
Microsoft Office Under Siege
News Analysis: Attackers and flaw finders are pounding away at Microsoft Office applications, discovering new ways to attack millions of Windows machines. Can Microsoft cope with the deluge of flaws?
What started as an amusing eBay listing of an Excel vulnerability for sale has developed into an all-out hacker assault on Microsoft Office applications.
Security researchers and malicious hackers have zeroed in on the desktop productivity suite, using specialized “fuzzing” tools to find a wide range of critical vulnerabilities in Word, Excel and PowerPoint file formats.
http://www.eweek.com/article2/0,1759,2002421,00.asp
Today I was installing Microsoft FrontPage on my work desktop.
After the installation it reminded me to check for Office updates.
I thought, no sweat. Our desktops run Windows Update daily. I didn’t think I’d have any updates to install and could get strait to work.
Boy was I wrong. Well, it seems that Office Update does not always talk to Windows Update. I had at least 4 critical security updates in Office!
How in the heck can that happen? This machine has been running Windows Update daily, as far as I know.
Perhaps I’m wrong. Perhaps there is some misconfiguration in my Windows Update, but could it possibly be that Windows Update does nothing but update kernel level software (IE, Windows Media Player, Microsoft Messenger, Windows OS, and other highly critical pieces of software (sarcasm))?
Schweet…
Bill