reghakr
New member
Microsoft admits it can’t stop Office file format hacks
Microsoft’s plan to “sandbox” Office documents in the next version of its application suite is an admission that the company cannot keep hackers from exploiting file format bugs, a security analyst said on July 23. “What’s been happening is that Office has lots of vulnerabilities,” said Gartner’s primary security analyst. “For the past 18 months, hackers have been fuzzing Office file formats,” he said, referring to the practice of “fuzzing,” a tactic that relies on automated tools that drop random data into applications to see if, and where, breakdowns occur. Fuzzing has been a hacker’s best friend: Microsoft has repeatedly had to patch file format vulnerabilities in Office applications, most recently in July when it fixed a flaw in Publisher 2007 and in June, when it patched seven vulnerabilities in Excel and two more in Word. “What’s happening is that the bad guys are using fuzzing tools to find vulnerabilities in Office, and now Microsoft is saying, ‘Okay, we can’t find, let alone fix, every vulnerability. So here’s a way to put a sandbox around the vulnerability.” The sandbox technique mentioned is a new addition to Office 2010, the upcoming upgrade to Microsoft’s bestselling Windows application suite. According to a senior security program manager with the Office team, Office 2010 will sport something called “Protected View” that isolates Word, Excel and PowerPoint files in a read-only environment. The sandbox, said the program manager in a post to a company blog this week, will have “minimal access to the system, and no access to your other files and information. Even if the file is malicious, it can’t get out of the sandbox and do harm to your computer or data.”
More.....
Microsoft’s plan to “sandbox” Office documents in the next version of its application suite is an admission that the company cannot keep hackers from exploiting file format bugs, a security analyst said on July 23. “What’s been happening is that Office has lots of vulnerabilities,” said Gartner’s primary security analyst. “For the past 18 months, hackers have been fuzzing Office file formats,” he said, referring to the practice of “fuzzing,” a tactic that relies on automated tools that drop random data into applications to see if, and where, breakdowns occur. Fuzzing has been a hacker’s best friend: Microsoft has repeatedly had to patch file format vulnerabilities in Office applications, most recently in July when it fixed a flaw in Publisher 2007 and in June, when it patched seven vulnerabilities in Excel and two more in Word. “What’s happening is that the bad guys are using fuzzing tools to find vulnerabilities in Office, and now Microsoft is saying, ‘Okay, we can’t find, let alone fix, every vulnerability. So here’s a way to put a sandbox around the vulnerability.” The sandbox technique mentioned is a new addition to Office 2010, the upcoming upgrade to Microsoft’s bestselling Windows application suite. According to a senior security program manager with the Office team, Office 2010 will sport something called “Protected View” that isolates Word, Excel and PowerPoint files in a read-only environment. The sandbox, said the program manager in a post to a company blog this week, will have “minimal access to the system, and no access to your other files and information. Even if the file is malicious, it can’t get out of the sandbox and do harm to your computer or data.”
More.....
My Computer
- Computer Manufacturer/Model Number
- Cheap $399.00 E-Machine
- OS
- Windows 7 Pro & Vista Home Premium
- CPU
- Athlon 64 3800+ (Orleans) 2.40GHz
- Motherboard
- Winfast
- Memory
- 2GB DDR2 RAM DIMM
- Graphics Card(s)
- NVIDIA GeForce 8500 GT 512 MB memory HDMI out
- Sound Card
- creative X-Fi Exteme 7..1 channel
- Monitor(s) Displays
- Acer V223W 22" widescreen DVI
- Screen Resolution
- 1680x1050
- Hard Drives
- WDC WD5 500GB
WDC WD25 250GB
- PSU
- OCZ 550 watt
- Case
- Gateway
- Cooling
- 2 fans
- Keyboard
- Dell
- Mouse
- Sony Vaio
- Internet Speed
- 18MB/s down - .72MB /s up
