New zero day exploit

Discussion in 'Security' started by Trouble, Apr 9, 2017.

  1. Trouble

    Trouble Noob Whisperer Moderator

    Joined:
    Nov 19, 2013
    Messages:
    9,779
    Likes Received:
    1,338
    Location:
    Northwest Indiana U.S.A.
    Trouble, Apr 9, 2017
    #1
    Ian likes this.
    1. Advertisements

  2. Trouble

    Tim Locke

    Joined:
    May 6, 2015
    Messages:
    1,689
    Likes Received:
    212
    Location:
    Guelph On
    Also in ArsTechnica
     
    Tim Locke, Apr 10, 2017
    #2
    1. Advertisements

  3. Trouble

    Regedit32 Moderator

    Joined:
    Mar 4, 2016
    Messages:
    2,160
    Likes Received:
    560
    So assuming Microsoft patch this exploit, the next question is will they offer that patched support to earlier editions of Microsoft Office, or only for those investing in the latest edition.
     
    Regedit32, Apr 10, 2017
    #3
  4. Trouble

    Trouble Noob Whisperer Moderator

    Joined:
    Nov 19, 2013
    Messages:
    9,779
    Likes Received:
    1,338
    Location:
    Northwest Indiana U.S.A.
    Good question.
    I would assume that as long as the particular Office product has not reached "End of Life Support" that it would still receive security updates.
    As best I can determine Office 2007 SP3 is on the chopping block for October 31st this year.
     
    Trouble, Apr 10, 2017
    #4
  5. Trouble

    Regedit32 Moderator

    Joined:
    Mar 4, 2016
    Messages:
    2,160
    Likes Received:
    560
    Yes that is what I'd expect them to do.

    However, given this exploit presumably has existed for far longer than Office 2007, I personally feel they are obliged to provide security support to all Editions affected.

    I regularly see people providing me documents created in earlier editions of Office hence the concern.
     
    Regedit32, Apr 10, 2017
    #5
  6. Trouble

    Trouble Noob Whisperer Moderator

    Joined:
    Nov 19, 2013
    Messages:
    9,779
    Likes Received:
    1,338
    Location:
    Northwest Indiana U.S.A.
    I really couldn't say.
    The article specifically mentions "winword.exe" and then specifically mentions an "RTF file" (rich text format).
    I have some additional concerns regarding the native WordPad application which has been around practically forever and......
    I believe that .rtf (rich text format), is still the default save extension for that product.
     
    Trouble, Apr 10, 2017
    #6
  7. Trouble

    Regedit32 Moderator

    Joined:
    Mar 4, 2016
    Messages:
    2,160
    Likes Received:
    560
    That's a good point Trouble.

    I'm hoping when the patch is released some more information on the actual exploit will be made available so all antivirus companies can at least provide a measured form of protection against it.

    Until I hear differently I'll just have to insist those providing me word files use the doc or docx extension and hope the exploit cannot travel from a rtf file to another format if the original file saved as another extension was rtf.
     
    Regedit32, Apr 10, 2017
    #7
    Ian likes this.
  8. Trouble

    Data Chief Operations Officer

    Joined:
    Apr 13, 2017
    Messages:
    427
    Likes Received:
    80
    Location:
    Warping out of sector 0 aboard the NCC-1701-E
    Has this not been patched over patch Tuesday already?
     
    Data, Apr 13, 2017
    #8
  9. Trouble

    Data Chief Operations Officer

    Joined:
    Apr 13, 2017
    Messages:
    427
    Likes Received:
    80
    Location:
    Warping out of sector 0 aboard the NCC-1701-E
    I PM Trouble with exploit details, despite it being available in some reputable and public websites, I thought best not to let it loose around here, you never know what some kids will do)

    The patches for this exploit were released https://www.catalog.update.microsoft.com/Search.aspx?q=KB4014793 that information is available at https://support.microsoft.com/en-gb/help/4014793/title

    Ms offer more information about patches at https://portal.msrc.microsoft.com/en-US/security-guidance (must accept terms of service to view)

    Talk about convoluted methods, I believe all information relevant should be readily available not hidden in sub-levels
     
    Data, Apr 19, 2017
    #9
    1. Advertisements

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
  1. Calab
    Replies:
    5
    Views:
    1,415
  2. Bud Kepford
    Replies:
    2
    Views:
    531
    BigFeet
    Jul 31, 2015
  3. ScreaminEd

    Broadband Internet For Only A Day

    ScreaminEd, Aug 3, 2015, in forum: Networking
    Replies:
    16
    Views:
    2,732
    hTconeM9user
    Oct 13, 2015
  4. leprince1
    Replies:
    5
    Views:
    821
    leprince1
    Aug 6, 2015
  5. Highway

    Good day

    Highway, Aug 9, 2015, in forum: Introductions
    Replies:
    6
    Views:
    503
    Highway
    Aug 9, 2015
  6. Dfriend

    First day and major issues

    Dfriend, Aug 13, 2015, in forum: Windows 10 Support
    Replies:
    1
    Views:
    588
    Trouble
    Aug 13, 2015
  7. Tobori

    Windows 10 30 day rollback is broken!

    Tobori, Aug 19, 2015, in forum: Crashes, BSODs and Debugging
    Replies:
    17
    Views:
    1,228
    Atomic
    Aug 22, 2015
  8. Frank Meyers
    Replies:
    1
    Views:
    1,185
    Eli Raven
    Apr 30, 2016
Loading...