Page 1 of 1
Word 2010 Vulnerable to .rtf hack
Posted: Thu Mar 27, 2014 2:02 pm
by Tunnelcat
If you have Microsoft Office 2010, don't open, OR EVEN PREVIEW ONLINE, from an unknown source or author, any
.rtf file. There's a new vulnerability that Microsoft needs to address.
http://finance.yahoo.com/news/microsoft ... 32816.html
http://blogs.technet.com/b/srd/archive/ ... tions.aspx
Re: Word 2010 Vulnerable to .rtf hack
Posted: Fri Mar 28, 2014 1:48 pm
by Duper
YIKES! Thank you TC. I hadn't heard anything about this!
Re: Word 2010 Vulnerable to .rtf hack
Posted: Fri Mar 28, 2014 3:00 pm
by Tunnelcat
Yeah, I went in and set things up in the OS so that Word will NOT open any .rtf file.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Fri Mar 28, 2014 4:49 pm
by Top Gun
It's probably not an ideal solution that I'm still on Office 2003, is it?
Re: Word 2010 Vulnerable to .rtf hack
Posted: Fri Mar 28, 2014 5:08 pm
by Spidey
Office 2003 is awesome...you can stick your "ribbons" I will keep my macro buttons.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Fri Mar 28, 2014 5:51 pm
by Jeff250
Top Gun wrote:It's probably not an ideal solution that I'm still on Office 2003, is it?
It's fine, but only for a very short time. Office 2003 will end-of-life in April, and then any newly discovered security problems will exist in perpetuity.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Fri Mar 28, 2014 6:46 pm
by Spidey
Well, not really a problem for me, because I don’t open any files with Office 2003 that I didn’t create, and one machine I use it on isn’t even on line.
When I need to open a file from someone on line I open it in protected mode with Office 2010.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Sun Mar 30, 2014 1:31 am
by Sirius
Hmm, fancy. I'm running 2013 so all I have to look forward to, apparently, is a crash.
Hard to say whether 2003 would be susceptible, but they didn't call out any older versions, so it might not be. Memory layout dependent exploits like this are very likely to only work on specific versions.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Sun Mar 30, 2014 3:08 am
by Duper
ugh.. Keep your 2003. buggy. bleck.
2010 is much better and spidey you can still make your own shorts keys if you want, not that many changed.
The ribbons are a different way of looking at things; it's just a tab function. Really no different than your browsers. They group functionality fairly well and if you don't like using that or shortcut keys, there's always the quick launch bar on top .or below the ribbon and between the doc if you want. I use the QL bar quite a bit as there are 5 or 6 functions I use on a regular basis and I don't like hoping between tabs.
There are some serious format difficulties in 2003 that 2010 fixed. It handles imbedded images a WHOLE lot better and the docs are half the size now. 2007 wasn't bad, but they smoothed a lot of semi broken things out with 2010.
Anyways. I imagine that there will be a largeish patch soon.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Sun Mar 30, 2014 10:00 am
by Spidey
Bugs don’t bother me in the least, all I do is bookkeeping on that version, nothing new.
As far as the macro buttons…no…the only way to get macro buttons in 2010 is some very convoluted system using saved sheets and converting them to add ons, I tried it and it’s very frustrating at best.
Oh wait…you said short keys…no that is not what I meant…I custom designed my bookkeeping system, and it’s highly dependent on MACRO buttons. (changing from OS to OS is bad enough)
And I think I already implied that I do use 2010.
...............................
EDIT:
Sorry, I should have said "toolbars".
I activate my macros from buttons located on several toolbars located at the top and side on the screen. Way too many to keep track of if I were to use shortcut keys to activate, and way too many clicks to use the ribbons.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Sun Mar 30, 2014 1:44 pm
by Tunnelcat
Spidey, my husband was still using Office 2003 as of 2 months ago. Now he's using Office 2010 because he finally upgraded to a Windows 7 machine and I had a 3 license boxed copy of Office 2010 sitting on the shelf with 2 licenses left. Even with his poor vision, he's gotten quickly used to the interface and toolbars and doesn't seem to mind it now. Oh, he bitched and moaned, but he figured it out. He even figured out how to modify the normal template to keep all the settings the way he wants. It wasn't so bad. If fact, he didn't want the newest version of Office because it's now "in the cloud", like that's a great thing. Not something I want in a personal word processor either. I guess we're old fashioned.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Sun Mar 30, 2014 2:52 pm
by Spidey
How many times must I say, I use 2010…
If you had to adapt my custom accounting system to 2010 you wouldn’t be singing that tune. It’s a hell of a lot more involved than just learning to use the new interface…which I learned back in 2007 or such.
So I simply keep 2 versions on my machines…what’s the big deal? In fact I’m writing this very post in 2010….doh.
And JFTR....I will NEVER use software from the cloud.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Sun Mar 30, 2014 5:29 pm
by Tunnelcat
Spidey wrote:How many times must I say, I use 2010…
If you had to adapt my custom accounting system to 2010 you wouldn’t be singing that tune. It’s a hell of a lot more involved than just learning to use the new interface…which I learned back in 2007 or such.
So I simply keep 2 versions on my machines…what’s the big deal? In fact I’m writing this very post in 2010….doh.
Spidey wrote:And JFTR....I will NEVER use software from the cloud.
Yeah, and the newest version of Office Cloud is only version 1. No one buys a new software product until at least version 3.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Sun Mar 30, 2014 8:40 pm
by Duper
yeah. ditto on the cloud thing. Why do I want to keep my data on someone else's computer?? If you can carry a 64+ gig flash drive the size of your pinky nail around.. the whole "convenience" thing goes right out the window. I just bought a Asus Tranformer T100 (half notebook-half tablet) I spent the extra $50 and got the 64 version instead of 32. I put a 32 Gig chip in the side and I'm good!
Back ups? ppbbbt.. that's what external HD's are for if you want. Cloud is a gimmick and probably something else, but I can't reach that foil hat from here.
Oh and Spidey, my apologies. I was just ribbing you about 03'. I'm normally the one that chain's himself to a tree and shakes his fist that the chainsaws of change! ...aaand I normally acquiesce. :\ However, I really had a time of it trying to get around 03 Word. We use a lot of imbedded images and objects in our documents and 2010 got rid of a lot of those problems.
I guess I could always use In-Design, but that's a bit overkill for simple instructions sheets.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Mon Mar 31, 2014 11:47 am
by Sirius
Few things...
Luckily: Bug fixes are rarely large. The update shouldn't break the data cap
The newest version of Office kind of has two "flavors" - 2013 and 365. 2013 is basically the same thing, but sold as a one-time boxed-software purchase, rather than on a subscription model, so it's probably more to many old-schoolers' tastes. It isn't cloud-only - it can do everything 2010 can. I'm not sure there are a lot of compelling additions over 2010 though.
Even Office 365 has the desktop version, which is really the more powerful option anyway. There are web-based versions now but you don't have to use them. They do actually seem to be fairly reliable, though, and have been around a few years (3-4? I'm not really certain). They are still behind the desktop versions in feature set, though, and it's possible they always will be. It's difficult to keep track of version numbers for the web apps since web-based applications tend to have much faster releases than boxed software.
For someone with only a few devices (at least only a few they want to use), cloud storage doesn't offer much, no... the USB drive option is generally OK but doesn't automatically sync (which is fine if you know what you're doing, but if you don't it opens the door to accidentally losing track of which version is newer), and you can't plug a thumb drive into a phone or iPad, but you can use cloud storage on those devices.
If you're super worried about information privacy and the NSA, you will probably still avoid it like the plague... and yeah, you can definitely get by just fine without it. It's just a convenience/backup thing.
Edit: Wow, finally hit #5000. Only took 15 years
Re: Word 2010 Vulnerable to .rtf hack
Posted: Mon Mar 31, 2014 11:59 am
by snoopy
Sirius wrote:If you're super worried about information privacy and the NSA, you will probably still avoid it like the plague... and yeah, you can definitely get by just fine without it. It's just a convenience/backup thing.
I'm more worried about the "we're getting our hooks in so eventually you don't own any of your data and you lose everything if you decide to go somewhere else" aspect. A big part of my support for open source efforts is aiming to maintain freedom from vendor lock-in, which what I fear from cloud-based office. Microsoft has been working hard for years to keep customers locked into Office... and I like the option to use things like Libreoffice to open my data without having to pay a subscription fee, thank you very much.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Mon Mar 31, 2014 12:03 pm
by Top Gun
Honestly I didn't mean to imply that I'm fully against newer versions of Office; I think we have either 2007 or 2010 on the family's computer, and the few times I've used it I haven't had much trouble adapting to the Ribbon interface. But at this point I don't ever plan on using a new version of Office unless I get it as a freebie: I'm not going to spend over $100 for a simple software suite when I can do the exact same stuff I'd use it for with LibreOffice for free.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Mon Mar 31, 2014 12:49 pm
by Duper
07's ribbon is a bit of a beast. It was/is about as flexible at a leaf spring compared to 2010.
2010 gave you customization, some old 03 functionality that had been pitched out the window. (wow.. unintended pun there) and just seems to be a bit more forgiving. One of the neat things in 2010, you can enable even old 95 functions if you want. You have to dig a bit to find that, but it's there.
Hey Sirius, do you have any idea if MS has had the though to customize their OD model to different platform needs? I.E Mobile, Desktop, Industrial maybe others.?
Re: Word 2010 Vulnerable to .rtf hack
Posted: Tue Apr 01, 2014 2:26 pm
by Tunnelcat
Duper wrote:07's ribbon is a bit of a beast. It was/is about as flexible at a leaf spring compared to 2010.
2010 gave you customization, some old 03 functionality that had been pitched out the window. (wow.. unintended pun there) and just seems to be a bit more forgiving. One of the neat things in 2010, you can enable even old 95 functions if you want. You have to dig a bit to find that, but it's there.
Hey Sirius, do you have any idea if MS has had the though to customize their OD model to different platform needs? I.E Mobile, Desktop, Industrial maybe others.?
They're putting an App version on Apple products, although with a few teething problems.
http://news.yahoo.com/app-fixes-one-off ... 36776.html
Re: Word 2010 Vulnerable to .rtf hack
Posted: Tue Apr 01, 2014 3:09 pm
by Grendel
Install
EMET. Should have been included in Windows from the beginning :/ Also, get rid of Word and use OpenOffice.
Affected software: Word -- 2003sp3, 2007, 2010, 2013, Word Viewer, Office Compatibility Pack 3, Office for Mac 2011 etc.
https://technet.microsoft.com/en-us/sec ... ry/2953095
Re: Word 2010 Vulnerable to .rtf hack
Posted: Tue Apr 01, 2014 8:08 pm
by Sirius
Sorry, OD? I'm not familiar with the abbreviation.
Regarding lock-in, I note that you should be able to tell well ahead of time if something will make platform migration harder or impossible. Especially because there will be many, many voices complaining about it
It's also a lot less strategically viable to try to pull that off today than it used to be. Even in the emerging enterprise cloud computing market, MS is having to make Azure as interoperable as possible because the customers are just not going to be interested if it isn't.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Wed Apr 02, 2014 12:13 pm
by Duper
sorry "OS". Didn't notice that.
Re: Word 2010 Vulnerable to .rtf hack
Posted: Thu Apr 03, 2014 3:17 am
by Sirius
Kind of. I get that impression, especially with divergence between desktop and tablet models increasing again in the 8.1 update next week - a lot of typical desktop affordances are coming back, and they're not generally visible on tablets - and that's only set to increase by the look of it (there was talk about a remodeled start menu as well, in a later release though). I'm not really sure what sorts of lines would be drawn between form factors or where they'd be though. A large smartphone and a small tablet have a lot in common and it doesn't make sense for the UI differences to be too great in that case.
There is a very clear strategy MS is pursuing of using a common kernel (and even applications framework - as was announced today
http://www.neowin.net/news/microsoft-an ... phone-apps) for devices of all types, though... basically the different types would just have different UIs, I would guess. This apparently extends as far as embedded smart devices, which have sometimes been collectively referred to as the "Internet of Things" - it's apparently possible to use Windows for that as well, although the UI is very different, arguably non-existent in many cases. I imagine they had to strip it down massively to do that, but there has already been work in stripping down Windows so they could pack more virtual instances into cloud computing datacenters anyway, so part of the job may have already been done.
Being a little late at night it's difficult for me to know whether I'm making any sense
Guess I will check back in the morning!
Re: Word 2010 Vulnerable to .rtf hack
Posted: Thu Apr 03, 2014 1:43 pm
by Grendel
Looks like MS is addressing this w/ next weeks patches.
https://technet.microsoft.com/en-us/sec ... n/ms14-apr
Re: Word 2010 Vulnerable to .rtf hack
Posted: Fri Apr 04, 2014 7:21 am
by snoopy
Sirius wrote:Kind of. I get that impression, especially with divergence between desktop and tablet models increasing again in the 8.1 update next week - a lot of typical desktop affordances are coming back, and they're not generally visible on tablets - and that's only set to increase by the look of it (there was talk about a remodeled start menu as well, in a later release though). I'm not really sure what sorts of lines would be drawn between form factors or where they'd be though. A large smartphone and a small tablet have a lot in common and it doesn't make sense for the UI differences to be too great in that case.
There is a very clear strategy MS is pursuing of using a common kernel (and even applications framework - as was announced today
http://www.neowin.net/news/microsoft-an ... phone-apps) for devices of all types, though... basically the different types would just have different UIs, I would guess. This apparently extends as far as embedded smart devices, which have sometimes been collectively referred to as the "Internet of Things" - it's apparently possible to use Windows for that as well, although the UI is very different, arguably non-existent in many cases. I imagine they had to strip it down massively to do that, but there has already been work in stripping down Windows so they could pack more virtual instances into cloud computing datacenters anyway, so part of the job may have already been done.
Being a little late at night it's difficult for me to know whether I'm making any sense
Guess I will check back in the morning!
Makes sense... write & support a single Kernel rather than having to maintain what amounts to a bunch of branches. Same thing with the applications framework...
[snide remark]
Sounds like Windows is continuing its migration toward Linux/Unix
[/snide remark]
Re: Word 2010 Vulnerable to .rtf hack
Posted: Tue Apr 08, 2014 5:26 pm
by Grendel