EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.25.09

Confirmed: Microsoft OOXML a Security Hazard

Posted in Formats, Google, Microsoft, Open XML, OpenOffice, Security at 1:58 pm by Dr. Roy Schestowitz

flickr:2400867976

SEVERAL MONTHS ago we warned that OOXML is not secure. Its dependence on a particular platform and office suite rendered it insecure by design just like those ‘origin’ formats, namely binaries, which it merely shuffled around (reassembled).

It is now official and also confirmed that OOXML files are not just insecure but there are also persistent attacks against new flaws (without any security patches being available, i.e. zero-day). To quote one of the more recent reports:

Some Open XML based products as Microsoft Excel are affected by a security flaw and the Trojan.Mdropper.AC.

There is fairly wide coverage of this problem, e.g. in:

Microsoft’s Excel spreadsheet program has a 0-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec.

A 0-day vulnerability is one that does not have a patch and is actively being used to attack computers when it is publicly revealed.

Heise Online calls this vulnerability “critical” (highest level of severity by another one Microsoft’s ‘standards’).

According to unconfirmed reports, the anti-virus manufacturer Symantec has found a trojan that seems to use a security hole in Microsoft Excel to remotely execute code on a user’s system. The attack is triggered by opening a maliciously crafted Excel file, causing an unspecified remote code-execution vulnerability.

One reader points out that “Microsoft is continuing its war against a universal office format.

“Notice in particular: ‘will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System

“What kind of hell is this causing in agencies, big businesses and schools? It’s not like they don’t have or could live with out the terabytes of electronic records now locked out by the kludge outlined above.”

Such problems could first be seen a year ago when Microsoft’s OOXML crimes were still prevalent. To make matters worse, Microsoft will continue to drift further away from ECMA OOXML, probably to gravitate in its own proprietary direction. Office 14, for example, is not committed to any real standards and according to yesterday’s report from Mary Jo Foley, it’s already delayed anyway.

Ballmer: Office 14 not this year

[...]

However, last year, more than a few times execs slipped up and indicated Office 14 would ship in 2009.

Things are not working well for Redmond these days. For real profit, Microsoft is highly dependent on Office which is its most profitable product (and one of the few that are actually profitable). Unless Microsoft can reinforce planned obsolescence and convince people to buy an upgrade they do not need, there’s great trouble ahead. The economic meltdown does not help.

OpenOffice.org makes a remarkably familiar substitute and Google Apps, among other SaaS alternatives, gain momentum despite the slew of disinformation from former Microsoft employees (masquerading as research firms).

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. White House Should Identify USPTO as the Problem, Not Patent Trolls

    Continued analysis, accompanied by new stories, of the patent situation and what is needed to address the increasingly recognised harms of patents

  2. British and German Governments Under Siege by Lobbyists of Microsoft and Its Local Partners, Free Software Policy Dumped in Favour of Backdoors-Enabled Binaries

    Following lobbying and perhaps intimidation or bribery, Microsoft binaries with privileged access to them (ripe for cracking by the malpractising NSA/CIA) are being put ahead of Free/libre software, despite the latter being recently mandated

  3. Links 18/6/2013: Ubuntu Linux for Phones Attracts Carriers, Nokia Might be Saved by China/Android

    Links for the day

  4. Judge Jackson Dies While Microsoft Continues to Abuse the System, This Time Using Nokia as a Front

    The abusive behaviour of Microsoft continues unabated long after Judge Jackson warned about the sociopathic management and its dangers

  5. Microsoft Dirty Tricks to Promote Xbox One Vapourware

    The hallmarks of Microsoft -- AstroTurfing, vapourware, developers disdain and interference with journalism -- found sparingly in the gaming consoles scene

  6. Microsoft is Not Done With SCO Yet

    The SCO v. IBM case is reopened, despite a glaring lack of funds, resuming the FUD against Linux

  7. Boycott Best Buy

    The company with history of hostility towards GNU/Linux is now becoming part of Microsoft

  8. Links 17/6/2013: Android's Extended Lead Over iOS, Sony Smartwatch Gets FOSS

    Links for the day

  9. IRC Proceedings: June 9th, 2013-June 15th, 2013

    IRC logs for June 9th, 2013 (and subsequent days until June 15th, 2013)

  10. Upgrading/Updating Techrights

    Server maintenance complete, making pageloads faster and the Web site more robust, hence resilient against attacks

  11. Links 15/6/2013: IBM and KVM, KDE 4.11 Beta

    Links for the day

  12. Confirmed: Microsoft Tells the NSA About Back Doors in Windows

    Official confirmation that the NSA is being notified about ways of hijacking Windows before Microsoft releases fixes

  13. Still Missing the Point of Patent Scope (Patents on Mathematics and Nature) as the Problem in the United States

    Examples of some new reports that deal with the suggested patent reform in the US and why it is misguided

  14. Germany Should Follow the 'Munich Model' and Move to Free Software After PRISM Revelations

    Despite the success story of Munich and the increasing distrust surrounding proprietary software, bureaucrats in Berlin refuse to abandon Microsoft just yet

  15. Bill Gates Looking for Profit in Privatised Oppression in the United Kingdom and Elsewhere

    Famous criminal Bill Gates pays the privatised police forces in the UK to get more profit while keeping popular movements dampened

  16. Links 14/6/2013: Linux Innovation Debated, Video of Megaupload Raid

    Links for the day

  17. As the Battle to Legitimise Software Patents in New Zealand and Europe Carries on, New Systemic Corruption Found

    A roundup of stories from battlegrounds for software patents "as such"

  18. Microsoft Talking Points Planted by Microsoft Staff in the Geek Press

    Microsoft is playing with editorial staff of Slashdot, marketing itself as a FOSS company

  19. A Big Blow to Patents on Software and Genetics in the United States, But Hardly the End

    Little progress made with policy moving in the right direction, but by no means the right and absolute solution to USPTO incompetence

  20. Microsoft Supports Apple in Fight Against Linux/Android, Pushing FRAND

    Microsoft publicly steps forward as part of Apple's war on Linux/Android, making the anti-FOSS alliance more visible than before

  21. Rape Jokes Are Not Going to Save Microsoft

    Microsoft's attempts at being "cool" are not working out and the Vista series is falling to obscurity levels

  22. Glenn Greenwald Should Copy Snowden's Leak for Wikileaks to Publish in Full in Order to Counter Denials of Microsoft et al. (Updated)

    There should be more to come from the whole PRISM/NSA-gate, but the ball is in the court of one activist/lawyer/blogger, Glenn Greenwald

  23. Links 13/6/2013: CyanogenMod Gets Incognito Mode

    Links for the day

  24. Links 12/6/2013: Linux 3.11 Previews, KDE Working in Wayland

    Links for the day

  25. CNN: Where Agenda and Lobbying Trump Facts and Justice

    Corporate propaganda channel is being used by a Microsoft lobbyist to demonise Android -- not companies that attack Android -- by essentially twisting reality

  26. Obama Administration Misuses the 'T Word' (Troll) to Dodge Serious Issues

    Failing to see how patents themselves actually distort the market for everyone (not just some large corporations), Obama wants to wash his hands with legislation that will resolve nothing and legitimise the notoriously unsupervised patent regime

  27. Links 11/6/2013: More on PRISM and Snowden, Linux Mint Increasingly Praised

    Links for the day

  28. PRISM Lite: Bill Gates and Rupert Murdoch Collecting Information About Everybody's Children

    A surveillance scheme for juniors and how it is being used to program the young generation to support patent monopolies of Bill Gates, such as GMO

  29. White House Should Go After the Trolls' Ringleaders, Not Just Patent Trolls

    Why the stance of the White House is misguided and short-sighted in an age when trolls are like mercenaries for players in conspiracies and pyramid schemes of patents

  30. Novell's Acquirer Says the Brand Was Tarnished

    Attachmate's CEO acknowledges that Novell lost much of its lustre when it was acquired

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts