Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Microsoft admits it can’t stop Office file format hacks

27 Jul 2009   #1

Windows 7 Pro & Vista Home Premium
Microsoft admits it can’t stop Office file format hacks

Microsoft’s plan to “sandbox” Office documents in the next version of its application suite is an admission that the company cannot keep hackers from exploiting file format bugs, a security analyst said on July 23. “What’s been happening is that Office has lots of vulnerabilities,” said Gartner’s primary security analyst. “For the past 18 months, hackers have been fuzzing Office file formats,” he said, referring to the practice of “fuzzing,” a tactic that relies on automated tools that drop random data into applications to see if, and where, breakdowns occur. Fuzzing has been a hacker’s best friend: Microsoft has repeatedly had to patch file format vulnerabilities in Office applications, most recently in July when it fixed a flaw in Publisher 2007 and in June, when it patched seven vulnerabilities in Excel and two more in Word. “What’s happening is that the bad guys are using fuzzing tools to find vulnerabilities in Office, and now Microsoft is saying, ‘Okay, we can’t find, let alone fix, every vulnerability. So here’s a way to put a sandbox around the vulnerability.” The sandbox technique mentioned is a new addition to Office 2010, the upcoming upgrade to Microsoft’s bestselling Windows application suite. According to a senior security program manager with the Office team, Office 2010 will sport something called “Protected View” that isolates Word, Excel and PowerPoint files in a read-only environment. The sandbox, said the program manager in a post to a company blog this week, will have “minimal access to the system, and no access to your other files and information. Even if the file is malicious, it can’t get out of the sandbox and do harm to your computer or data.”


My System SpecsSystem Spec
27 Jul 2009   #2

64-bit Windows 8.1 Pro

Welcome back!
My System SpecsSystem Spec
09 Aug 2009   #3

Windows XP SP3

First impressions seem good. Hope it won't be a resource hog and slow everyting down a lot!
My System SpecsSystem Spec

10 Aug 2009   #4

Windows 7 Pro & Vista Home Premium

Quote   Quote: Originally Posted by Tews View Post
Welcome back!

I've been told I can't post the cyber security messages that do not apply to Microsoft or Windows 7
My System SpecsSystem Spec
10 Aug 2009   #5

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)

well this is a MS OS oriented forum...
and by the looks of it, it does seem like a nice addition (i think of it as another layer for people to try to bypass)...
of course there will be vulnerabilities in this too (i also think of java when i think sandboxing and its vulnerabilities...)
but again this will make it harder which i like...
My System SpecsSystem Spec

 Microsoft admits it can’t stop Office file format hacks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar help and support threads
Thread Forum
Blubbering Ballmer admits HE was Microsoft's problem
Source A Guy
Microsoft Office Picture Manager - Office 07 - Broken File Types
After much messing around I have discovered that if you use Windows 7 'Associate a file type or protocol with a program' to set default programs for file types, it breaks the File Types selection within a given program (in my case Microsoft Office Picture Manager) and you are no longer able to use...
Microsoft Office
Microsoft CEO Steve Ballmer Admits He Made A Huge Mistake Microsoft CEO Steve Ballmer Admits He Made A Huge Mistake
General Discussion
Microsoft admits was hacked, and for an unknown period of time!
Microsoft computers hacked in a series of recent cyberattacks affecting bigwig tech firms | Austrian Tribune :p HA HA HA! They had no clue what was going on.
Microsoft admits Office patch gaffes.
Source - Microsoft admits Office patch gaffes
Microsoft admits that Bing is slow at indexing.
Read more - Microsoft admits that Bing is slow at indexing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 22:51.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App