Your best source of information and news about BIOS, microsoft and windows vista on the internet

Vista ARTICLES TOP 50 Spyware Virus Vista SOFT Vista HELP

Microsoft Word

You are currently browsing the articles from MS Windows Vista Compatible Software matching the category Microsoft Word.

Handle Registry editing with caution

I explained how to disable Windows auto-run behavior to protect yourself from inadvertently running malware that might exist on USB drives or other devices you insert into your PC.

Be aware, however, that careless Registry editing can make your system malfunction or even keep you from starting Windows.

Use care making changes to the Registry

Any tip that requires direct editing of the Registry (whether using the Registry Editor or merging a .reg script) should be approached with caution. The best insurance policy in these cases is to set a Windows “restore point” before experimenting with such advice. (more…)

, , , , , , , , , , , , , , , , , , , , ,

Written by Jason on November 16th, 2007 with no comments.
Read more articles on registry tips and registry script and registry editing and launch system and system malfunction and system protection and word processors and word processor and windows restore and text document and inadvertently and document text and autorun inf and Office and computer and Computer and restore point and system restore and auto run and registry files and Microsoft Word and registry editor and Windows.

Critical Security Vulnerability Makes Word Documents Dangerous

Severity: High

9 October, 2007

Summary:

Today, Microsoft released two security bulletins describing vulnerabilities affecting different Microsoft Office packages including Word (for Windows and Mac), Office SharePoint Server 2007, and Windows SharePoint Services 3.0. By enticing one of your users into opening a maliciously formed Office file, an attacker could exploit the worst of these flaws to execute code on your user’s computer, with your user’s privileges, potentially gaining control of that computer. If you use Office, Word, or SharePoint in your network, you should download, test, and deploy the appropriate patches immediately.

Exposure:

Microsoft’s two security bulletins describe vulnerabilities found in Word, Office SharePoint Server 2007, and Windows SharePoint Services 3.0. The summary below lists the vulnerabilities from highest to lowest severity.

MS07-060: Word Memory Corruption Vulnerability

Microsoft Word for Windows and Mac suffers from an unspecified memory corruption vulnerability. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit this vulnerability to execute code on that user’s computer, with that user’s level of privileges and permissions. If your user has local administrative privilege, the attacker gains full control of the victim machine. Microsoft’s bulletin doesn’t specify exactly what sort of Office document triggers this vulnerability. We assume typical Word documents (.DOC) trigger the flaw, but we also have to assume that other Office documents could potentially trigger it as well.
Microsoft rating: Critical.

MS07-059: SharePoint Scripting Vulnerability

Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 provide a platform for document management. SharePoint suffers from a vulnerability due to its inability to properly validate URL-encoded requests. By enticing one of your users into clicking a specially crafted URL, an attacker could exploit this vulnerability in an elevation of privilege attack to gain that user’s level of privilege on your SharePoint server. The attacker could also redirect your SharePoint server’s responses to himself, gaining access to confidential information hosted on the server.
Microsoft rating: Important.

Solution Path

Microsoft has released patches for Office and SharePoint that correct these vulnerabilities. Download, test, and deploy the appropriate patches throughout your network immediately.

MS07-060:

  • Word for Office XP (2002)
  • Word for Office 2000
  • Word for Office 2004 for Mac

Other versions of Office are unaffected.

MS07-059:

For All WatchGuard Users:

One of these attacks travels as normal-looking HTTP traffic, which you need to allow so your network users can access the World Wide Web. The other involves an unspecified range of Office documents that many administrators prefer to allow into their network. Therefore, the patches above are your best solution.

Status:

Microsoft has released patches correcting these issues.

References:

Written by bardissi on October 10th, 2007 with no comments.
Read more articles on Watchguard and Sharepoint and Windows 2000 and Computer Security and Microsoft Word and Microsoft and Network Infrastructure and Office 2007 and Windows XP and Business Computer Support and Home Computer Support and Windows Vista.