04.05.09

Gemini version available ♊︎

There is Life After Conficker: Critical Microsoft Office Vulnerabilities

Posted in GNU/Linux, Microsoft, Office Suites, Security, Windows at 12:47 pm by Dr. Roy Schestowitz

Expensive office suites leave one’s bank account exposed to malice

Cash grab

Summary: Microsoft Office users are left critically vulnerable and no solution exists to prevent attacks

Conficker is far from gone, but the ‘vulnerabilities treadmill’ marches on. Another unpatched Microsoft Office vulnerability is already being exploited and Microsoft admits this. It is the same old and familiar routine, but Microsoft brought this vulnerability even to Apple Macs.

Microsoft has warned of a vulnerability in their PowerPoint application that can be exploited with a specially crafted presentation file to allow remote execution of code. According to the report, the vulnerability is caused by an invalid object in memory and affects Microsoft Office PowerPoint 2000 Service Pack 3, 2002 Service Pack 3, 2003 Service Pack 3 and Microsoft Office 2004 for Mac. Other versions are reportedly not affected.

More coverage in:

It would probably be more forgivable had it been patched on time, not been such a frequent occurrence, and Windows leadership not said that Microsoft products “just aren’t engineered for security.”

For a secure, free, and standards-compliant office suite, GNU/Linux is recommended because it comes preloaded with one (or several).

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

A Single Comment

  1. Yggdrasil said,

    April 5, 2009 at 7:42 pm

    Gravatar

    It’s important for readers to note that the first article link provided is already old. April 1st, 5 days old now. But why did Roy use this? Because the article paints a very bad picture. It’s got a scary headline, “It’s worse than we thought!” and uses a large, though unproven number of 10 million. It’s not uncommon for news media to try and scare readers. After all, playing on fears is a great way to ensure people read the articles and advertisers get the viewers.

    It would have been better to use something more recent, like this: http://www.theregister.co.uk/2009/04/03/conficker_zombie_count/

    “Conficker zombie botnet drops to 3.5 million” – amazing what a difference a few days makes when it comes to more accurate news reporting.

    However, this article doesn’t make Microsoft look as bad, so Roy will quickly dismiss this article. It’s not fit for BoycottNovell. He is only interested in the worst of the worst. Readers however, would be interested in being given more recent and accurate information.

DecorWhat Else is New

  1. Links 28/05/2023: eGates System Collapses, More High TCO Stories (Microsoft Windows)

    Links for the day

  2. IRC Proceedings: Saturday, May 27, 2023

    IRC logs for Saturday, May 27, 2023

  3. No More Twitter, Mastodon, and Diaspora for Tux Machines (Goodbye to Social Control Media)

    People would benefit from mass abandonment of such pseudo-social pseudo-media.

  4. Links 28/05/2023: New Wine and More

    Links for the day

  5. Links 27/05/2023: Plans Made for GNU's 40th Anniversary

    Links for the day

  6. Social Control Media Needs to be Purged and We Need to Convince Others to Quit It Too (to Protect Ourselves as Individuals and as a Society)

    With the Tux Machines anniversary (19 years) just days away we seriously consider abandoning all social control media accounts of that site, including Mastodon and Diaspora; social control networks do far more harm than good and they’ve gotten a lot worse over time

  7. Anonymously Travelling: Still Feasible?

    The short story is that in the UK it's still possible to travel anonymously by bus, tram, and train (even with shades, hat and mask/s on), but how long for? Or how much longer have we got before this too gets banned under the false guise of "protecting us" (or "smart"/"modern")?

  8. With EUIPO in Focus, and Even an EU Kangaroo Tribunal, EPO Corruption (and Cross-Pollination With This EU Agency) Becomes a Major Liability/Risk to the EU

    With the UPC days away (an illegal and unconstitutional kangaroo court system, tied to the European Union in spite of critical deficiencies) it’s curious to see EPO scandals of corruption spilling over to the European Union already

  9. European Patent Office (EPO) Management Not Supported by the EPO's Applicants, So Why Is It Still There?

    This third translation in the batch is an article similar to the prior one, but the text is a bit different (“Patente ohne Wert”)

  10. EPO Applicants Complain That Patent Quality Sank and EPO Management Isn't Listening (Nor Caring)

    SUEPO has just released 3 translations of new articles in German (here is the first of the batch); the following is the second of the three (“Kritik am Europäischen Patentamt – Patente ohne Wert?”)

  11. German Media About Industry Patent Quality Charter (IPQC) and the European Patent Office (EPO)

    SUEPO has just released 3 translations of new articles in German; this is the first of the three (“Industrie kritisiert Europäisches Patentamt”)

  12. Geminispace Continues to Grow Even If (or When) Stéphane Bortzmeyer Stops Measuring Its Growth

    A Gemini crawler called Lupa (Free/libre software) has been used for years by Stéphane Bortzmeyer to study Gemini and report on how the community was evolving, especially from a technical perspective; but his own instance of Lupa has produced no up-to-date results for several weeks

  13. Links 27/05/2023: Goodbyes to Tina Turner

    Links for the day

  14. HMRC: You Can Click and Type to Report Crime, But No Feedback or Reference Number Given

    The crimes of Sirius ‘Open Source’ were reported 7 days ago to HMRC (equivalent to the IRS in the US, more or less); but there has been no visible progress and no tracking reference is given to identify the report

  15. IRC Proceedings: Friday, May 26, 2023

    IRC logs for Friday, May 26, 2023

  16. One Week After Sirius Open Source Was Reported to HM Revenue and Customs (HMRC) for Tax Fraud: No Response, No Action, Nothing...

    One week ago we reported tax abuses of Sirius ‘Open Source’ to HMRC; we still wait for any actual signs that HMRC is doing anything at all about the matter (Sirius has British government clients, so maybe they’d rather not look into that, in which case HMRC might be reported to the Ombudsman for malpractice)

  17. Links 26/05/2023: Weston 12.0 Highlights and US Debt Limit Panic

    Links for the day

  18. Gemini Links 26/05/2023: New People in Gemini

    Links for the day

  19. IRC Proceedings: Thursday, May 25, 2023

    IRC logs for Thursday, May 25, 2023

  20. Links 26/05/2023: Qt 6.5.1 and Subsystems in GNUnet

    Links for the day

  21. Links 25/05/2023: Mesa 23.1.1 and Debian Reunion

    Links for the day

  22. Links 25/05/2023: IBM as Leading Wayland Pusher

    Links for the day

  23. IRC Proceedings: Wednesday, May 24, 2023

    IRC logs for Wednesday, May 24, 2023

  24. Links 25/05/2023: Istio 1.16.5 and Curl 8.1.1

    Links for the day

  25. Gemini Links 25/05/2023: On Profit and Desire for Gemini

    Links for the day

  26. SiliconANGLE: Sponsored by Microsoft and Red Hat to Conduct the Marriage Ceremony

    SiliconANGLE insists that paying SiliconANGLE money for coverage does not lead to bias, but every sane person who keeps abreast of SiliconANGLE — and I read their entire feed every day — knows that it’s a ludicrous lie (Red Hat/IBM and the Linux Foundation also buy puff pieces and “event coverage” from SiliconANGLE, so it’s marketing disguised as “journalism”

  27. Links 24/05/2023: Podman Desktop 1.0, BSDCan 2024, and More

    Links for the day

  28. Gemini Links 24/05/2023: Razors, Profit, and More

    Links for the day

  29. [Meme] When the Patent Office Controls Kangaroo Patent Courts and Judges

    The EPO has been hijacked by industry and its lobbyists; now the same is happening to EU patent courts, even though it is illegal and unconstitutional

  30. The Illegally 'Revised' Unified Patent Court Agreement (UPCA) is Disgracing the Perception of Law and Order in the European Union

    The Unified Patent Court (UPC) isn’t legal, the Unified Patent Court Agreement (UPCA) is being altered on the fly (by a person patently ineligible to do so), and so it generally looks like even patent courts across Europe might soon become as corrupt as the European Patent Office, which has no basis in the Rule of the Law and is basically just a front for large corporations (most of them aren’t even European)

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts