07.15.09
Eye on Microsoft: Attacks on Microsoft Office and Internet Explorer
Summary: A self-explanatory set of news articles
• Microsoft delivers 9 patches, but leaves one hole open (so typical)
The patches fix two bugs presently being used by hackers, but a third bug remains unaddressed
• Microsoft Office users attacked by cybercriminals
Microsoft Corp warned that cybercriminals have attacked users of its Office software for Windows PCs, exploiting a programing flaw that the software giant has yet to repair.
The world’s largest software maker issued the warning on Tuesday as it released patches to address nine other security holes in its software.
• Second unpatched ActiveX bug hits IE
Scallywags are using an unpatched vulnerability in an ActiveX component to distribute malware, Microsoft warned on Monday. The development adds to already pressing unresolved Internet Explorer security bug woes.
No patch is available for the Office Web Components ActiveX security hole, although there are workarounds which can be automated for enterprise rollouts. The flawed component is used by IE to display Excel spreadsheets, greatly increasing the scope for mischief. Win XP and Win 2003 systems are particularly at risk, while the additional security controls in Vista cover Microsoft’s modesty.
• Microsoft Keeps Beating a Dead Browser
The question is why? If the destination is what matters, why does Microsoft care so deeply what browser people use to get there? Maybe this: Unless Bing is the browser’s default search engine, no one will go there after the novelty wears off. That’s probably enough to make anyone at Microsoft lose their lunch.
• US State Dept. workers beg Clinton for Firefox
US State Department workers have begged Secretary of State Hillary Clinton to let them use Firefox.
“Can you please let the staff use an alternative web browser called Firefox?” worker bee Jim Finkle asked Clinton during Friday’s State Department town hall meeting.
“I just moved to the State Department from the National Geospatial Intelligence Agency and was surprised that State doesn’t use this browser. It was approved for the entire intelligence community, so I don’t understand why State can’t use it. It’s a much safer program.”
Presumably, the State Department is using Microsoft’s Internet Explorer. And we wouldn’t be surprised if it’s still mired in the eight-year-old IE6 [...]