recent posts

Web Fraud 2.0: Distributing Your Malware
Opera Update Plugs Multiple Security Holes
Web Fraud 2.0: Digital Forgeries
Web Fraud 2.0: Validating Your Stolen Goods
Web Fraud 2.0: Cloaking Connections

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Microsoft Warns of More Office Exploits

Just days after Microsoft issued patches to plug some 20 security holes in its software, the software giant is warning users that bad guys are exploiting two more vulnerabilities in its Office product suite.

On Valentine's Day, Microsoft said it had received reports of a previously unknown flaw in Office 2000 and Office XP. Now, Symantec is reporting that there is a virus honing in on an unpatched PowerPoint bug. Microsoft has not confirmed that report.

We've seen this pattern before. Hackers wait until Microsoft issues its monthly batch of patches to start exploiting unpatched flaws that they've found or purchased from bug-finders. The hackers well know that they can exploit them for at least another four to eight weeks before Microsoft can offer a patch.

In early January, Security Fix published a study of critical patches Microsoft issued in 2006 for Office products. Those accounted for nearly half of all critical updates the company shipped last year. I predicted that Office would continue to be the company's Achilles heel this year, and so far that appears to be true. This latest PowerPoint bug could be the 14th critical security hole reported in Office this year. If it continues at this rate, Microsoft will have patched more than twice as many Office vulnerabilities by the end of this year than it did in all of 2006.

Be extremely cautious of opening e-mail attachments that you weren't expecting -- even if they appear to have been sent by someone you know and trust. If you harbor doubts about whether the sender really meant for you to click on an e-mail attachment, fire off a brief reply to confirm its validity before opening it.

By Brian Krebs |  February 16, 2007; 3:52 PM ET Latest Warnings
Previous: Apple Works To Stave Off Big Mac Attack | Next: Microsoft to Tighten Anti-Piracy Noose in Vista

Comments

Please email us to report offensive comments.



Haha, maybe they should hold a "NSFW Awards" ceremony.

Bob Hasko
www.TeesMyBody.com T-Shirts

Posted by: TeesMyBody.com T-Shirts | February 18, 2007 3:38 PM

Those of you who may have been following the case of Julie Amero -- the Connecticut middle school substitute teacher who was convicted of exposing children to pornography -- here is a blog entry from Dan Axelrod, the "education" writer for the local newspaper, The Norwich Bulletin:

Tuesday, February 06, 2007

Enough. Enough e-mails, phone calls and letters to the editor defending Julie Amero. I'm sick of them. The worst part of all is that people jump to these conclusions without viewing any of the evidence or police documents. Here are the facts: Amero showed graphic pornography to up to 10 children in a Kelly Middle School class, according to a police investigation.

There was no magic, mysterious conspiracy to arrest and convict this woman. No group of students said, "We hate this teacher and now we're going to ruin her life." There were no bungling school district administrators or evil police. Computer filters can't stop every one of the millions of pornography Web sites from slipping through. Blaming the school, the police or anyone else for what Amero did is like blaming a rape victim for being raped. It's sick, it's wrong, it's ignorant and it's moronic. The school didn't even bring charges up against Amero. The police did.

According to a Norwich police affidavit, "the pornographic sites were almost continuously viewed from approximately 9:24 a.m. to approximately 11:11 a.m." No one accidentally clicks on pornographic pop-ups advertisements for nearly two hours continuously. According to the affidavit, at least one of the Web sites required the person viewing the images to click on a box agreeing to terms of disclosure beforehand.

Here's the kicker: AMERO WAS NOT CONVICTED OF LOOKING AT PORNOGRAPHY ON A SCHOOL COMPUTER. She was convicted of four counts of "Risk of Injury to a Minor." That means she was convicted of NOT DOING ENOUGH TO PREVENT CHILDREN FROM SEEING PORNOGRAPHY ON THE COMPUTER. Now, does she deserve 40 years in jail, of course not. She was offered probationary time, which would lead to her not having a criminal record, and she turned it down, according to her attorney. Now, she's been convicted and she'll face her sentence in March. I'm sure the judge will use prudence.

So even if you give Amero the benefit of the doubt, and you say the pornography was on the computer to begin with (and she simply found it there), then she should have covered the computer, unplugged it or forced the students to stand in the back of the room far away from the computer. Don't let multiple children, all were younger than 16, see people performing sexual acts upon each other on a school computer screen. That's just wrong.

Posted by: Brian | February 19, 2007 12:37 PM

WOW! I couldn't believe my eyes. It was late Saturday night, and I'm seeing the little yellow shield in my system tray. So I'm thinking is this really Microsoft or some bad boy mimicking MS to sucker me in. I took a chance and it was legit, downloading 2 updates. Was there something so critical that Microsoft released a patch on a weekend, or did it get lost in cyberspace for a while?

Posted by: Keith Warner | February 20, 2007 2:16 AM

The comments to this entry are closed.

 
 

©  The Washington Post Company