EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.25.09

Confirmed: Microsoft OOXML a Security Hazard

Posted in Formats, Google, Microsoft, Open XML, OpenOffice, Security at 1:58 pm by Dr. Roy Schestowitz

flickr:2400867976

SEVERAL MONTHS ago we warned that OOXML is not secure. Its dependence on a particular platform and office suite rendered it insecure by design just like those ‘origin’ formats, namely binaries, which it merely shuffled around (reassembled).

It is now official and also confirmed that OOXML files are not just insecure but there are also persistent attacks against new flaws (without any security patches being available, i.e. zero-day). To quote one of the more recent reports:

Some Open XML based products as Microsoft Excel are affected by a security flaw and the Trojan.Mdropper.AC.

There is fairly wide coverage of this problem, e.g. in:

Microsoft’s Excel spreadsheet program has a 0-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec.

A 0-day vulnerability is one that does not have a patch and is actively being used to attack computers when it is publicly revealed.

Heise Online calls this vulnerability “critical” (highest level of severity by another one Microsoft’s ‘standards’).

According to unconfirmed reports, the anti-virus manufacturer Symantec has found a trojan that seems to use a security hole in Microsoft Excel to remotely execute code on a user’s system. The attack is triggered by opening a maliciously crafted Excel file, causing an unspecified remote code-execution vulnerability.

One reader points out that “Microsoft is continuing its war against a universal office format.

“Notice in particular: ‘will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System

“What kind of hell is this causing in agencies, big businesses and schools? It’s not like they don’t have or could live with out the terabytes of electronic records now locked out by the kludge outlined above.”

Such problems could first be seen a year ago when Microsoft’s OOXML crimes were still prevalent. To make matters worse, Microsoft will continue to drift further away from ECMA OOXML, probably to gravitate in its own proprietary direction. Office 14, for example, is not committed to any real standards and according to yesterday’s report from Mary Jo Foley, it’s already delayed anyway.

Ballmer: Office 14 not this year

[...]

However, last year, more than a few times execs slipped up and indicated Office 14 would ship in 2009.

Things are not working well for Redmond these days. For real profit, Microsoft is highly dependent on Office which is its most profitable product (and one of the few that are actually profitable). Unless Microsoft can reinforce planned obsolescence and convince people to buy an upgrade they do not need, there’s great trouble ahead. The economic meltdown does not help.

OpenOffice.org makes a remarkably familiar substitute and Google Apps, among other SaaS alternatives, gain momentum despite the slew of disinformation from former Microsoft employees (masquerading as research firms).

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links - MSNokia Passes Blame, Bill Gates pushes GMOs, Open Access news



  2. Links 7/2/2012: Firefox 11 Enters Beta, Canonical Disappoints KDE

    Links for the day

  3. IRC Proceedings: February 6th, 2012

    IRC logs for February 6th, 2012

  4. IRC Proceedings: February 5th, 2012

    IRC logs for February 5th, 2012

  5. Links 6/2/2012: PCLinuxOS 2012.02 and Mint KDE Reviews

    Links for the day

  6. Bill Gates Indoctrinates Youth in the United States and India, Critics Speak Out

    Backlash against the Gates Crusade to brainwash the young minds all around the world

  7. Bill Gates Uses Symbolic 'Donation' to Force Taxpayers to Pay Microsoft (of Which He Holds Shares)

    The Gates Foundation goes lobbying for Microsoft again, this time in Vietnam

  8. Monopoly as Innovation?

    Challenging the old misconception that patents are beneficial to anything but few multinationals and their patent lawyers

  9. Links 5/2/2012: Lenovo in India, Netrunner 4.1 is Out

    Links for the day

  10. IRC Proceedings: February 4th, 2012

    IRC logs for February 4th, 2012

  11. OpenStack, Microsoft, Junk Patents, Microsoft Copyrights, and Oracle Copyrights

    Another look at the OpenStack situation, why Microsoft should not be allowed to enter, and more about patent and copyright complications

  12. Apple, Which Started Patent Wars, Gets What It Deserves

    Apple products get banned (for the time being) after Apple decided to attack Linux-supporting competitors and then received some blowback

  13. Unitary Patent and the Emergence of More Junk Patents

    The rise of the junk patents and what we are taught about them by the news, including some news about the unitary patent in Europe

  14. Backlash Against Bill Gates' Lobbying for Patented Life

    GMO, a robbery of the right of reproduction (and a potential health hazard), is promoted by Bill Gates for profit, whereupon critics strike back

  15. IRC Proceedings: February 3rd, 2012

    IRC logs for February 3rd, 2012

  16. Links 4/2/2012: Ubuntu 12.04 Alpha 2 Preview, ACTA Backlash in Europe

    Links for the day

  17. A Glimpse at Executives Who Left the Sinking Novell Ship

    A roundup of news about former Novell staff and where that staff is moving these days

  18. Novell Makes New Software for Microsoft Windows and Office

    PR spin from Novell and money-grabbing moves that promote proprietary software rather than Free/Open Source software

  19. Links 3/2/2012: BT Vision Goes for Linux, Linux 3.3 With Android

    Links for the day

  20. Debt in Attachmate

    The company that bought Novell has a poor outlook, financial issues, and little signs of expansion/renaissance

  21. Longtime SUSE Executive Holger Dyroff Moves on, SUSE in a Bad State

    Key people continue to leave SUSE and the distribution is left without a compelling sales pitch

  22. Groklaw Update on Android Patent Cases and Response to FUD From Microsoft Lobbyists

    A few updates of greater importance where the Linux situation is discussed in the context of Android and Novell

  23. IRC Proceedings: February 2nd, 2012

    IRC logs for February 2nd, 2012

  24. Links 2/2/2012: DEFT Linux 7, Mozilla Firefox 10

    Links for the day

  25. IRC Proceedings: February 1st, 2012

    IRC logs for February 1st, 2012

  26. IRC Proceedings: January 31st, 2012

    IRC logs for January 31st, 2012

  27. IRC Proceedings: January 30th, 2012

    IRC logs for January 30th, 2012

  28. Bill Gates is Hijacking Open Source While Attacking It Using Lobbyists, Patents, and Patent Trolls

    Response to reputation laundering from Wired Magazine, the latest nonsense from Microsoft's lobbyist Florian Müller, an update on Microsoft's trolling against Android, and a little more of Apple's

  29. The Gates Foundation is Still Hijacking the Voice of the Poor and Effectively Runs Paid Advertisements Inside 'News'

    Money still the vehicle by which opinions get heard, so Bill Gates exploits this for fame, power, and profit

  30. Bill Gates and Rupert Murdoch Liaise to Take Over Minds of Children

    The latest dangerous hijack of education systems and the role played by creepy plutocrats with control over the press

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts