back to article Fresh Microsoft Office franken-exploit flops – and you should have patched by now anyway

A booby-trapped .RTF file is doing the rounds that combines two publicly available Microsoft Office exploits. Opening the document in a vulnerable installation of Office is supposed to lead to arbitrary execution of any malicious code within the file. Cisco's security outfit Talos believes "the attackers used the combination …

  1. Anonymous Coward
    Anonymous Coward

    Yawn

    Another day hour, another Microsoft problem.

    Wake me up when they manage to bring out something that's actually safe, because THAT would be news.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yawn

      Wake me up when any modern software or service is safe (from current and any future issues) that would be news.

      1. Captain Scarlet
        Trollface

        Re: Yawn

        @AC I suggest you start using an Abacus

    2. Anonymous Coward
      Anonymous Coward

      Re: Yawn

      https://www.microsoftmerchandise.com/Shop#/

      There's always one smart arse and today it's me.

      1. Captain Scarlet
        Paris Hilton

        Re: Yawn

        Calm down I used the Troll icon to show I was trolling.

        I can't claim to be to smart as whilst formatting an external drive I discovered I hadn't turned it on and Windows had done exactly what I told it to and formatted my secondary data drive.

  2. TheElder

    Don't use Office

    I use SoftMaker.

    1. Pascal Monett Silver badge

      I'm on LibreOffice for home use.

      Goog enough for what I need, and I'm not concerned by Office attacks.

      1. Anonymous Coward
        Anonymous Coward

        I'm on LibreOffice for home use.

        We actually managed to use it in the office :). We've got a few people on 5.4, the rest on the latest 5.3. The only major irritation is that LO's update process seriously sucks if you don't speak American because an update involved updating the main package, then applying a language pack, then setting the application to the language pack's language instead of the language pack doing that by itself.

        Leaving that aside it's OK because it gets rid of the need to run one specific OS. Techs run it on Linux, office staff run it on macos.

  3. ~chrisw
    Facepalm

    Perhaps it's time to dust down the Lotus SmartSuite CD...

  4. Anonymous Coward
    Windows

    Still, in the end...

    It all boils down to using some common sense when opening stuff from unknown sources. Yet that's the thing people keep failing at over and over and over again despite the tons of warnings and example cases.

    1. handleoclast

      Re: Still, in the end...

      It all boils down to using some common sense when opening stuff from any source.

      FTFY.

      Or are you the kind of guy who opens attachments from your pal Fred with the subject line "You'll never guess what happens next!" Faking the sender address is fairly common. Digging into the address book on a compromised machine is perhaps less common than it used to be, but still happens.

      As far as I'm concerned, "only open stuff if you know who sent it" is bad advice. Well-intentioned, but incomplete enough to be dangerous.

      1. Anonymous Coward
        Anonymous Coward

        Re: Still, in the end...

        Digging into the address book on a compromised machine is perhaps less common than it used to be, but still happens.

        I've given you an upvote for that, because I've seen that happen with targeted attacks. Someone trying to mount an APT starts with mining stolen databases for any email addresses of the target company and then calmly loads up an email attack. It only takes one person to make a mistake, and sadly, most email admins are not versed enough in security to reject emails purporting to come from a company address if they originate from outside.

        Secondly, the above is just one risk vector. There's also the trusted insider..

  5. ColonelDare

    Or...

    Maybe LibreOffice?

    I know it's not perfect (I've used LO/OO for 7 or 8 years now and had a few hiccups) but at least there are shed loads of good people to fix stuff when it becomes problematical. I'm quite calm about that.

    1. wallaby

      Re: Or...

      Complacency is no excuse,

      One day someone will get round to attacking whatever package it is you use,

      there are tossers of all flavours out there - just most of them seem to directing attention at MS products at the moment.

  6. Anonymous Coward
    Anonymous Coward

    poor testing or quality control procedures fingerprint

    'The code doesn't work properly, though, indicating "poor testing or quality control procedures", Talos said'

    A microsoft fingerprint, who else has no QA dept?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like