In case you've been stuck in a cave for the past week, there's a new 0-day Microsoft Word vulnerability circulating. Microsoft has acknowledged the issue in an advisory, and they are currently working on a patch. However, since it'll be a couple weeks before a patch is forthcoming, they're proposing a workaround in the meantime: use Word in safe mode only and make a few minor changes to the way you use Word in the interim until a patch is released.
According to MIcrosoft, protecting yourself from this issue is easy - just follow a few simple steps:
1) change anything that starts word (shortcuts, etc.) to use the /safe swtich
2) change Outlook to not use Word as the editor
3) change your email client to never launch word
4) change your browser to refrain from launching word
5) refrain from opening word files that may be embedded in other applications (e.g. Excel).
Oh, and don't forget to keep an eye on the Word titlebar anytime it starts to make sure it says "Safe Mode" each and every time you use Word. Of course, if you don't have Administrator access on your machine, you may need the assistance of the helpdesk to make some of these changes.
Simple, right? NOT! Really, how many users does Microsoft think will actually follow this procedure? Look: I'm a security professional and I know about the problem - and I'm *still* not going to follow the suggested steps because they're so intrusive and time-consuming. If I'm not going to do it, how likely is it that Old Uncle Jebadiah who barely knows how to check email is going to do it? That's about as probable as Ashlee Simpson winning a Grammy for "Best Vocal Performance".
So where does that leave us? Here's a 0-day remote execution issue that impacts 90+ percent of the desktops in existance, *and* the vendor suggested workaround is so convoluted that we can be certain nobody will do it. Let the countdown to the malware-storm begin. Thanks, Uncle Bill!
Posted by Ed at May 24, 2006 09:04 AM | TrackBack