Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Exploit Wednesday

  • Subject: Re: Exploit Wednesday
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Tue, 18 Jul 2006 15:52:55 +0100
  • Newsgroups: comp.os.linux.advocacy
  • Organization: schestowitz.com / Manchester University
  • References: <1153228810.286703.245570@s13g2000cwa.googlegroups.com> <2f5vg.41654$OT.37788@newsfe6-win.ntli.net>
  • Reply-to: newsgroups@xxxxxxxxxxxxxxx
  • User-agent: KNode/0.7.2
__/ [ Jim ] on Tuesday 18 July 2006 14:21 \__

> nessuno@xxxxxxxxxxxxxxxxxxx wrote:
> 
>> Quote:
>> ------------------
>> Another Microsoft Office exploit, Bifrose.UZ, was discovered last week.
>> It drops a backdoor using PowerPoint (PPT) files. The exploit was
>> discovered after a limited number of people received e-mail with the
>> PowerPoint file as an attachment.
>> 
>> So what's the deal with Microsoft Office and why the exploits? There
>> were Word fixes in June - Several Excel fixes were included in July's
>> patches - And now there is a PowerPoint exploit that will need to be
>> patched in August. See a pattern?
>> ----------------
>> End quote
>> 
>> http://www.f-secure.com/weblog/#00000922
> 
> Yup. Access is next.
> 
> September: Access
> October: Publisher
> November: Works
> December: Outlook
> ...
> 
> The cycle'll repeat until the next service pack rolls in (Q2 '07 anyone?)
> and push back Vista even further until it's but a Visual_Echo (AKA XPSP3)
> as the developers drop everything and scramble to fix the current flagship
> products.

The  most unfortunate (for Microsoft and its userbase)  fact
in  most  of these scenarios is that the user is  one  click
away from having the computer fully exposed and controllable
from the ourside. This is a worst case scenario, which _does
not  even  involve  the  kernel_.  Merely  having   software
installed on your O/S can compromise its grounds.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index