Bonum Certa Men Certa

Confirmed: Microsoft OOXML a Security Hazard

flickr:2400867976



SEVERAL MONTHS ago we warned that OOXML is not secure. Its dependence on a particular platform and office suite rendered it insecure by design just like those 'origin' formats, namely binaries, which it merely shuffled around (reassembled).



It is now official and also confirmed that OOXML files are not just insecure but there are also persistent attacks against new flaws (without any security patches being available, i.e. zero-day). To quote one of the more recent reports:

Some Open XML based products as Microsoft Excel are affected by a security flaw and the Trojan.Mdropper.AC.


There is fairly wide coverage of this problem, e.g. in:



Microsoft's Excel spreadsheet program has a 0-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec.

A 0-day vulnerability is one that does not have a patch and is actively being used to attack computers when it is publicly revealed.


Heise Online calls this vulnerability "critical" (highest level of severity by another one Microsoft's 'standards').

According to unconfirmed reports, the anti-virus manufacturer Symantec has found a trojan that seems to use a security hole in Microsoft Excel to remotely execute code on a user's system. The attack is triggered by opening a maliciously crafted Excel file, causing an unspecified remote code-execution vulnerability.


One reader points out that "Microsoft is continuing its war against a universal office format.

"Notice in particular: 'will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System'

"What kind of hell is this causing in agencies, big businesses and schools? It's not like they don't have or could live with out the terabytes of electronic records now locked out by the kludge outlined above."

Such problems could first be seen a year ago when Microsoft's OOXML crimes were still prevalent. To make matters worse, Microsoft will continue to drift further away from ECMA OOXML, probably to gravitate in its own proprietary direction. Office 14, for example, is not committed to any real standards and according to yesterday's report from Mary Jo Foley, it's already delayed anyway.

Ballmer: Office 14 not this year



[...]

However, last year, more than a few times execs slipped up and indicated Office 14 would ship in 2009.


Things are not working well for Redmond these days. For real profit, Microsoft is highly dependent on Office which is its most profitable product (and one of the few that are actually profitable). Unless Microsoft can reinforce planned obsolescence and convince people to buy an upgrade they do not need, there's great trouble ahead. The economic meltdown does not help.

OpenOffice.org makes a remarkably familiar substitute and Google Apps, among other SaaS alternatives, gain momentum despite the slew of disinformation from former Microsoft employees (masquerading as research firms).

Recent Techrights' Posts

IBM Stock Collapses and It's Only the Beginning
Will GAFAM soon follow and will any executives be arrested for the accounting fraud insiders have long cautioned about?
 
Heshan de Silva-Weeramuni Becomes Program Manager at the Free Software Foundation (FSF)
Heshan's addition means that the FSF is growing after a solid financial year (best in years)
Michael McMahon Explains Distributed Denial of Service (DDoS) Attacks on the Free Software Foundation (FSF)
The real solution is a curb on botnets. A mitigation strategy, however, would involve going static.
Matters of Public Safety
"Police say Ann Widdecombe killed in 'targeted attack' as motive investigated"
The Register MS and Its Promotional Microsoft Content
It's not too hard to see what the business model of The Register MS is
IBM: From $306 to $212 in 7 Days, IBM Won't Go Up More Than 50% to Where It Was at 'Peak Vapourware'
There's a limit to how much or how long a company can fake its performance and its potential [...] Early this morning a few insiders ("traders") cashed in on their "pump-n-dump"
Red Hat Staff Needs to Start Looking for the Next Job
Workers can conveniently lie or deny it to themselves, but waves of PIPs ("silent layoffs") will sweep over more and more units or teams as the company runs out of money to play with
IBM the Next Bear Stearns
IBM cannot recover if all it has to show is vapourware
I'll Be Extremely Difficult for Microsoft to Sell Any XBox Consoles Now
Microsoft understands this
How Software Freedom Would Benefit Everybody
A society that denies control by greedy companies would do a disservice to monopolies and improve all services to citizens
Links 14/07/2026: Harsh But Also Fair Criticism of Hey Hi (AI) Slop, 'Open' AI Shuts Down Its Own Products as Funds Run Out
Links for the day
Gemini Links 14/07/2026: Old CD Binder and AWK
Links for the day
In Defence of Physical Tickets
Tickets are not some "app" and not some "code" on some "screen"
Microsoft Layoffs Not Limited to XBox (False Narrative in the Mainstream Media)
Microsoft is becoming less relevant and workforce reductions won't end any time soon
Links 14/07/2026: Plagiarism Spun as "Training", Zelensky Announces Leadership Shuffle
Links for the day
The Register MS Has Just Published "AI" Webspam That Mentions "AI" 54 Times. It Was Paid to Do This.
Who pays for all this "AI" hype or "buzz"?
Gemini Links 14/07/2026: Self-Advocacy Online; "The Internet Is Dead: How the Web Lost Its Human Soul"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 13, 2026
IRC logs for Monday, July 13, 2026
Modern Technology Harms Women More Than Men (Because the 'Tech Bros' Who Dominate STEM Have a Poor View of Women)
“Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance.”
Internet Relay Chat Trolls Are Not Expressing Opinions, They Are Saboteurs
For the record
Links 14/07/2026: "The Freedom of Information Act Is in Serious Trouble"; Irish Datacenters Use Up Almost 25% of Total Energy
Links for the day
The Register MS: "AI" Puff Pieces for Sale, Not Journalism at All, Just "Webspam"
The Register MS isn't the sole culprit
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 12, 2026
IRC logs for Sunday, July 12, 2026
How We Do Techrights (and What's Changing Next Week)
Many former news sites no longer yield much non-meaningless news (not anymore); there's a gap to be filled
Links 12/07/2026: Palantir Unrest and Wireshark 4.6.7
Links for the day
Links 12/07/2026: New Instrument Time and PalmOS Experiences in 2026
Links for the day
Red Hat Staff Says IBM Policy Has Stigmatised Him as a Tool and a Slopper With Plagiarism Tools
IBM is killing Red Hat with slop
Freedom of Choice or Freedom Versus Choice (or When All Choices Are Incompatible With Freedom)
When some business asserts that it gives people different options, then it can rightly argue that it offers some choices, but that is not the same as freedom
Techrights IRC Turns 5 Without a “Code of Conduct”, “Code of Conduct Committee”, and All Those Bureaucratic Nightmares
18+ years if one counts our time in Freenode as well
Why U No Use AI???
Many hype waves come and go
There Are Still Slopfarms in Google News
Google is trying to participate in if not lead this pyramid scheme
The Cyber Show Explains How Slop and Promotion of Slop is About Taking Control Away From Computer Users
"On making a trustworthy machine"
Keeping Available the Site at All Times
Informal arrangements and crowdfunding keep our work available despite resistance (including from people who break the law)
What If "Era of AI" and "AI Revolution" (Fake News) Never Happened?
So how much longer before the bust (or bubble-burst)?
GNU/Linux Approaches 5% in Australia
5% by year's end?
Europe/EU is Moving Towards Independence, Fast to Adopt Free Software
More and more states (governments, public sector) in Germany are dumping Microsoft
GNU/Linux Grows at the Expense of Windows
People who want to get work done already left Windows
Tux Machines Growing as a Volunteers-Run Site
Historically the site did not have many original stories, but this changed as the audience grew and the site gained more recognition
Links 12/07/2026: European Commission Versus ‘Addictive Design’, "Google Loses Final Appeal Over $4.7 Billion EU Android Antitrust Fine"
Links for the day
GNU/Linux Market Share Increases Some More Today, statCounter Measures It at 7.3%
Will more such thresholds and records be broken?
Gemini Links 12/07/2026: Studying Languages and 2026 Old Computer Challenge (OCC)
Links for the day
EPO "Cocaine Communication Manager" - Part XIII - At the EPO, Cocaine Addicts and Their Friends Are "Protected Class"
What does that tell us about the EPO?
Increasing Output by Focusing on Originals
It's probably more important to carry on with these than it is to keep abreast of non-crucial news
Amid Strikes and Industrial Actions, Young Professionals at the European Patent Office (EPO) Kept on 'Short Leash', According to the Local Staff Committee The Hague
Issues affecting Young Professionals
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 11, 2026
IRC logs for Saturday, July 11, 2026