__/ [ Jim ] on Tuesday 18 July 2006 14:21 \__
> nessuno@xxxxxxxxxxxxxxxxxxx wrote:
>
>> Quote:
>> ------------------
>> Another Microsoft Office exploit, Bifrose.UZ, was discovered last week.
>> It drops a backdoor using PowerPoint (PPT) files. The exploit was
>> discovered after a limited number of people received e-mail with the
>> PowerPoint file as an attachment.
>>
>> So what's the deal with Microsoft Office and why the exploits? There
>> were Word fixes in June - Several Excel fixes were included in July's
>> patches - And now there is a PowerPoint exploit that will need to be
>> patched in August. See a pattern?
>> ----------------
>> End quote
>>
>> http://www.f-secure.com/weblog/#00000922
>
> Yup. Access is next.
>
> September: Access
> October: Publisher
> November: Works
> December: Outlook
> ...
>
> The cycle'll repeat until the next service pack rolls in (Q2 '07 anyone?)
> and push back Vista even further until it's but a Visual_Echo (AKA XPSP3)
> as the developers drop everything and scramble to fix the current flagship
> products.
The most unfortunate (for Microsoft and its userbase) fact
in most of these scenarios is that the user is one click
away from having the computer fully exposed and controllable
from the ourside. This is a worst case scenario, which _does
not even involve the kernel_. Merely having software
installed on your O/S can compromise its grounds.
|
|
