Microsoft: Run Word in 'Safe Mode'
By Ed Oswald | Published May 24, 2006, 1:15 PM
Microsoft has advised users of Word to run the application in Safe Mode in order to protect against "zero-day" attacks. The recommendation comes after the discovery of a serious flaw in the word processor that could result in code execution.
The vulnerability can be exploited after a user opens a specially crafted Word file with a malformed object pointer. The issue causes memory corruption, which opens a hole that allows for code execution. The flaw can also be exploited through e-mail or the Web, but in either case it requires the user to open a malicious file.
"Microsoft is completing development of a security update for Microsoft Word that addresses this vulnerability," the company said in a security advisory. "The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the June security updates on June 13, 2006, or sooner as warranted."
The flaw affects Microsoft Office Word 2002 (XP) and 2003. Until it is fixed, Microsoft is recommending that customers open up the application in Safe Mode. To do this, a user must first disable the Word mail editor feature as the default, and then change Word shortcuts to run "WINWORD.EXE /safe" at the command line.
Microsoft has provided a list of suggested actions within the advisory for its users to follow. The company says not to open Word files embedded in other applications, or through any mail client. Instead, files should be saved to the desktop and then opened in Word "Safe Mode."
Additionally, Microsoft says users should not open Word documents through a Web browser. Customers can confirm they are in safe mode by looking for "Safe Mode" in the title bar. If it is not present, "you may be vulnerable to the malicious .doc files," Microsoft says.
Microsoft did say that Word Viewer 2003 is immune to the flaw, and can be used to open any file without issue.
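The shortcut change described above can be checked and applied across a machine with a script. The following PowerShell is an added example, not taken from Microsoft's advisory; the function names, the folder list and the `-Fix` switch are assumptions made for illustration.

```powershell
# Added example. Function names, the folder list and the -Fix switch are
# illustrative assumptions, not part of Microsoft's advisory.

function Get-WordShortcut {
    # Lists .lnk files that launch WINWORD.EXE and whether they pass /safe.
    param(
        [string[]]$Folder = @(
            [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('CommonDesktopDirectory'),
            [Environment]::GetFolderPath('Programs'),
            [Environment]::GetFolderPath('CommonPrograms')
        )
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $Folder) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        $links = Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue
        foreach ($file in $links) {
            $lnk = $shell.CreateShortcut($file.FullName)
            # Installer-created (advertised) shortcuts may not expose
            # WINWORD.EXE as their target; those are not matched here.
            if ([IO.Path]::GetFileName($lnk.TargetPath) -ine 'WINWORD.EXE') { continue }
            [pscustomobject]@{
                Shortcut  = $file.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
                SafeMode  = ($lnk.Arguments -match '(^|\s)/safe(\s|$)')
            }
        }
    }
}

function Set-WordShortcutSafeMode {
    # Reports Word shortcuts that lack /safe; with -Fix, rewrites them.
    # Shortcuts in the all-users folders need administrative rights to save.
    param([switch]$Fix)
    $shell = New-Object -ComObject WScript.Shell
    $unsafe = @(Get-WordShortcut | Where-Object { -not $_.SafeMode })
    foreach ($item in $unsafe) {
        if ($Fix) {
            $lnk = $shell.CreateShortcut($item.Shortcut)
            $lnk.Arguments = ("/safe " + $lnk.Arguments).Trim()
            $lnk.Save()
        }
        $item
    }
}

function New-WordSafeModeShortcut {
    # Creates a dedicated desktop shortcut that runs "WINWORD.EXE /safe".
    # -WinwordPath must be supplied: the install path is not given in the article.
    param(
        [Parameter(Mandatory = $true)][string]$WinwordPath,
        [string]$LinkPath = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'Word (Safe Mode).lnk')
    )
    $shell = New-Object -ComObject WScript.Shell
    $lnk = $shell.CreateShortcut($LinkPath)
    $lnk.TargetPath = $WinwordPath
    $lnk.Arguments  = '/safe'
    $lnk.Save()
    $LinkPath
}

# Report-only run: show every Word shortcut and whether it already uses /safe.
Get-WordShortcut | Format-Table -AutoSize
```

The script covers shortcuts only. Documents opened by double-click or from inside another application do not pass through a shortcut, which is why the advisory also says to save files first and open them from Word in Safe Mode.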
Microsoft to customers, here is our middle finger. Also please uninstall our software, it's your best bet to protect against these security problems as we really don't give a damn as we already have your money.
Peace to the software industry!
Score: 0
|So while you girls are bickering, your users are being infected since you told them they would be safe if they just used winword.exe /safe. Duuuhhhh...
This would only work if you also told your users to keep Word running all day, every day until the patch is in place. You would have to modify the File Type Associations for all Word Docs, and other files that may automatically open with Word.
So all of you smartasses out there just b****ing about shortcuts and other nonsense...you could have just lost your job cause you told the CEO to run winword.exe /safe. HA!
Score: 0
|I don't understand at all
Score: 0
|...Or one could use their brains and inform users on the network to *not* open word documents by clicking on them, but instead, to open them via the brand-spanking-new shortcut on the desktop.
Huh...
Unless all your users are complete idiots, in which case, I would suggest some training.
See? Life in the big world really isn't all that bad. All you need to do is think once in a while. You should try it sometime.
Score: 0
|Err... most users are complete idiots, even after training. Not much you can do about that. :(
Score: 0
|When will the patch be available?
Score: 0
|Human beings... what a concept!
Score: 0
|safe mode pretty much cripples the program in our environment. I think we'll just take the risk, after all everyone runs as user level perms.
Score: 0
|I am dismayed with the fact that, given this problem is not with the core of Windows but Word only, that MS is waiting till their Patch Tuesday to issue a fix. If you have to tell people to use Word only in its safe mode then the problem requires a quicker response and since you're not dealing with overall Windows code, this should not be a big deal. BTW, I do use MS so I'm one of those fanboys for other systems but here MS by rigidly sticking to their Patch Tuesday schedule, has really hurt their image.
Score: 0
|I just have to say...with Microsoft, there is no safe mode.
Score: 0
|While the solution is down and dirty and beyond some users it at least is a tool to use. If you are running any "big company" it should not be a problem if you have taken the time to manage your users' desktops, a simple push of the new icon and link would have all your users running in safe mode. For those still working in the hands on mode getting the user to have enough skill to right mouse click on an icon and do a simple edit of the target address might be something to put on a to-do list.
The analogy of a car and a crash is not that much on target. It's more like the police saying we have a known criminal that is flagging down cars. If your windows are open and you stop and pick him up he's going to mess up your car. He will not go into cars with the windows rolled up, only cars with all windows rolled down. Now a smart driver would not pick up any stranger but knowing some people are more trusting than they should be the advice would go out that everyone drive with windows up and the A/C turned on until this nut is off the street. Would I be mad at the maker of my car for allowing me to drive with my windows down or making it so I can stop and pick someone up on the street? Any software that has the market share of Word and usefulness would find the same type of attacks.
Score: 0
|"If you are running any "big company" it should not be a problem.."
Actually, any 'big company' would have anti-virus that already released defs to detect/block/remove the attack. Symantec's was included on Fri 19th.
Score: 0
|Their main issue is that it's not a stranger, it's the car that's causing the problem.
Same diff, though. Roll up the windows and turn on the AC until they're ready for you to bring your car in.
Auto recalls happen all the time.
Score: 0
|Please post a link to this proof?
I've searched Symantec's site and have found nothing.
Score: 0
|WTF are you a bit retarded?
The link is a big image on the front page of symantec.com "NEW ZERO DAY EXPLOIT TARGETS MICROSOFT WORD"
Right here:
http://www.symantec.com/...ta/backdoor.ginwui.html
Score: 0
|Heh...
:s/searched/imagined/g
He confuses those on occasion.
Score: 0
|No, I don't visit the Symantec.com. That page is for users.
I visit www.sarc.com and they don't have it there. So I think it's Symantec that's retarded since most Admins go to SARC instead.
Oh yeah.......you're a dummy :D
Score: 0
|Riiiiiiiiiiiiiiiiiiight
Score: 0
|Riiiiiiiiiiiiiiiiiiight
Doze off there for a moment on that word? It's a toughy, I know. ;P
Score: 0
|Perhaps they should have said 'Disable macros' instead of 'run in safe mode'.
People apparently get livid when the words 'safe mode' appear. To the point one wonders if some part of their brain has shut down, not allowing them to think logically about it.
Yeah...use OpenOffice. That's funny. Of course, none of your macros will work, very few of your documents will format properly.. Yeah, that's a *much* better solution than merely disabling Word's ability to use macros.
You guys rock. If you're not informative, you're at the very least amusing.
Never a dull moment...
Score: 0
|Indeed...
Score: 0
|Dude, my middle name is amusement.
See:
Joe Amusement Dirt :)
Score: 0
|"... none of your macros will work, very few of your documents will format properly..."
I'm amazed. you rely on word macros? I cannot help but point out that you're *asking* for trouble here.
Have you used OpenOffice recently? I have been using it in the windows world for more than a year: formatting is spot-on (assuming you have the fonts needed installed. If not, then Word makes a mess too).
Score: 0
|lmao..
No, I don't. I was replying to the twits here who are screaming that disabling their macros is such a *horrible* thing and we should all just switch to OpenOffice.
As for formatting, it takes about 10 seconds, transferring documents between Word and OOo for the formatting to be screwed beyond recognition.
(Version 2.02 of OOo, and Word 2003)
Score: 0
|Joe Amusement Dirt
So if you amuse me, does that make me JADed?
Score: 0
|Please show me the aforementioned document that sees formatting 'screwed beyond recognition' when the file is opened in OpenOffice. I've opened hundreds of old Word files and haven't seen a major problem, so I'm curious to see what formatting you actually use to create such an issue.
Score: 0
|I just started using OpenOffice and it is 100 times better than MS Word... and its free!
Download it and you'll never go back!
www.OpenOffice.org
Score: 0
|"it is 100 times better than MS Word."
yeah right.
Score: 0
|Nice Joke. Funny Man.
Score: 0
|don't make me laugh fanboy
guess why openoffice doesn't have as many flaws ??
because almost nobody uses it ...
Score: 0
|Yeah, sure, you betcha!
Score: 0
|I like openoffice but um ya it's not 100 times better than MS Word. I'm sad to say it but word is just easier and has more features. Even on my Linux install I have word running under crossover office.
Score: 0
|If the product were called Microsoft OpenOffice then there would probably be more people using it.
The main reason people don't use superior free software such as OpenOffice is because it rarely has Microsoft shown in the product title.
Score: 0
|Show me one feature OO has that MS Office does not, because I can show you a dozen Office has that OO does not.
So exactly how is OO superior again?
Score: 0
|Open Office is a nice program. For those who use it, how do you handle the lack of features like those found in Outlook? Until it handles contact management and scheduling in a similar manner to Outlook, I don't see myself switching over. In my business, Outlook is used as much as Word. In fact, it is the core app we all work from along with Access. Since it doesn't make sense to run Outlook and then run Open Office for other chores, I have to ask why scheduling and contact management have been ignored in OO.
Score: 0
|I've not used it in such an environment.
It works on my laptop, for basic document editing, spreadsheets, and what-not.
It will likely *never* replace office on my main system, however. Outlook / Exchange integration being a rather large portion of that.
Score: 0
|Easier? Not really. I think it's only easier if you've conditioned yourself with Word - otherwise the interface of OpenOffice is quite intuitive. I found it very easy to learn how to use.
Score: 0
|I can think of three really easy ones, off the top of my head:
1. 89MB install package (Not 3-4 CDs).
2. Free (Not 500AUD).
3. OpenDocument standard. (Maximising compatibility and usability for years to come).
Score: 0
|Probably because OpenOffice is an office suite, not a mail program.
Outlook + Exchange is an entirely different kettle of fish, and is not the OpenOffice market at all. Perhaps Eudora or Lotus are competitors for that system.
Score: 0
|Honestly, if this solution was released by any company other than MS, people will praise for it. Of course, we will expect anti-ms people say MS is incompetent for not coming up temporary solution as simple as this and need other company to do it for them.
The reason these features in there because people want them. Not because MS think people want them. I know many companies out there think they know what customer want (and they drive themselves to the ground), but MS isn't one of them. MS has one of the biggest NON-IT testers department that do nothing except giving feedback on what's good and what's bad for the product. I know because this department come to my school and recruit some years ago.
Score: 0
|Yup! All True.
Score: 0
|"..To do this, a user must first disable the Word mail editor feature as the default, and then change Word shortcuts to run "WINWORD.EXE /safe" at the command line..."
Unbelievable. If it weren't so sad, this would be amusing. Do people here really believe the average person will follow this procedure, and that they have the know how to do so?
What a lark.
Score: 0
|"Do people here really believe the average person will follow this procedure"
I highly doubt the "average person" will ever know about this problem.
Score: 0
|I also doubt the average person will be affected, even if a victim to the flaw. Average people already have a multitude of spyware aboard their PC - what's one more backdoor?
Score: 0
|The temporary solution looks pretty simple to me - I don't know why anyone thinks it's "ridiculous"? too technical I guess. Oh wait, it's a Microsoft product that's right..if it was anything open source, the developers would be lauded for coming out with a temporary work-around so fast. Bill Gates for President.
Score: 0
|Wow, this is a real idiotic solution.
It sure seems like something is going on with Microsoft on the inside and they are falling apart.
How about this solution: Use www.OpenOffice.org instead. By the time the patch comes out you'll be used to it and you can then keep using it for free. :)
I cannot even believe that this is their solution until the patch comes out. What would they do if it was a Windows related problem? Tell you to run your PC in safe mode? Come on.
Score: 0
|"What would they do if it was a Windows related problem? Tell you to run your PC in safe mode? Come on."
That's the next step because MS's code is like swiss cheese.
Score: 0
|It isn't PC/Windows Safe mode, jack ass, READ, it's Word safe mode. And you STILL don't know what a WORD safe mode is, so I think you would be wise to just shut up.
Score: 0
|Joe, you of all these other idiots should know better. Don't sink to their level. Word safe mode ONLY disables macros and vb script from running, not rendering Word useless as notepad. All the features still work, it just won't run code... Who really uses script in a document anyway, except those intended to be malicious. Most office documents are scripted, use Excel, not word.
C'mon man.. be logical.. where is that Joe Dirt that has wise solutions, instead of following the other morons?
Score: 0
|HAHAHA
Now I am convinced that RJIP works for MicroSux
How else can you explain him defending MS when they give that ridiculous solution to run in safe mode. HAHAHAHA
That sh*t just made my WEEK!
Score: 0
|Agreed. RJIP needs to sit in timeout. LOL
Score: 0
|You must work for them too based on your comment below stating their code is full of holes like "swiss cheese". You've obviously spent many hours examining their code, and have been able to find your own security holes.
Score: 0
|Actually I have.
Score: 0
|So why allow scripting in the first place, eh?
You said it yourself, so isn't it disabled by default? It only makes more sense to have the most used settings be set by default.
...
Score: 0
|I think rijp needs to go into his own little safe mode. :/
Score: 0
|I know what Word Safe mode entails. However in a corporation like us where we have over 2000 users it's not a wise solution to say to have everyone run Word in safe mode.
I'm simply very surprised that Microsoft would offer this as a solution ever. They would have been better off just not saying anything as opposed to this.
Score: 0
|I'm thinking you're right. :)
Score: 0
|Now we are getting somewhere! I totally agree. Why activate scripting by default? Not logical.
Score: 0
|I don't know what corporation you work in. I work for 2 big more, and I hardly come across any Word document, other than resume and invoices. Everything else are in Excel.
Score: 0
|macros and vb scripting should be automatically disabled by default.
Score: 0
|So you got fired and now you are dissing them at every chance?
Score: 0
|The problem is that Microsoft turns every application into a full-blown software development tool capable of propagating viruses and wreaking havoc in the operating system. Regardless of who wants these features or thinks they are useful, at the end of the day, shouldn't a word processor be for word processing? If edlin were written today it would be scriptable through ActiveX and capable of pwning a Windows box by a remote exploit. If we had tools that solved particular problems rather than every application being a full-blown software application development platform and programming language, then maybe this kind of nonsense wouldn't happen. You know, truly modular software. You know, the thing they promised us 10 years ago with OLE that will apparently never happen (just like most of the vapor that spews from Microsoft's marketing department, especially Bill Gates, who at the rate he's going couldn't accurately predict the sun will rise).
Score: 0
|Though it is not a dumb solution, it is highly unrealistic. Think about it if you will; you have a corporation of 2000 employees, all of whom use a desktop computer with MS Office, Internet access and email. In many cases they may also enter their own time and expenses using SAP.
Is it reasonable to believe that every time they want to use the Internet, email, excel, or whatever else when they are not using Word, that they will gleefully flip-flop between safe mode and normal mode? It ain't gonna happen with most. It's human nature to take shortcuts, especially when so many have deadlines to meet and they are working for one of those typically huge, brainwashing corporations with that 90's motto: "We can do more with less"
Score: 0
|???
What do you think safemode is (in respect to MS Word)?
No flip-flopping needed. 1 new shortcut, placed on the desktop via SMS, at first login.
An email, describing the issue and telling users to use this shortcut, and not to open Documents by clicking on the document, but instead opening them via this new shortcut would take care of 90% of the problem.
No brainwashing. No flip-flopping. No phone-record collecting. (Like how I snuck that in there?)
It just plain works.
Score: 0
|There is still a lot of handholding involved, but sure it will work in theory.
Score: 0
|Anything can work in theory.
The above, however, is working right now. Right here, in my very building.
Score: 0
|Tell people not to click on a document to open it? (rolls eyes) We can't even get people not to open suspicious email attachments that contain worms, and you think that you can just tell people not to click on Word documents for opening them? Yes, the theory works. In reality, human nature says that they'll click on the documents anyway because they're used to doing it and because it's easier to just click on something a coworker has sent them. Windows was designed for the point and click method, and very few people understand the concepts of what happens behind the cute icons and animations. (shrug)
Score: 0
|Seriously, that might work in a very small department with good communication, i.e. you can run around to each person to help them understand what they need to do. And I don’t care how explicit in detail the email (describing what to do) is, at least half will not do it right. That’s assuming an awful lot about the 50% that got it right. It just is not practical. In an organization that has any significant size it is not worth it. I have about 2000+ users and it makes me laugh to think about it. And STILL other apps are going to open Word without opening in /safe.
Score: 0
|Exactly my point.
Score: 0
|I see a lot of anti-ms comment here. I want to ask, why is MS taking the blame. The article stated it clearly "... it requires the opening of a malicious file." That means if you don't open some unknown files, you are fine.
If you drive your car and got it wacked, will you blame the car manufacturer didn't make a wack proof car because idiots like yourself will drive it through the wall.
Score: 0
|There is a fatal flaw in your logic xyzcb1.
How do you know which is a malicious file? Many people open documents that look exactly like their own files. Viruses can infect regular files so that they become malicious. (Virus apps are not 100%)
By that logic (using your car analogy) Microsoftie is saying "in order to avoid crashing your car, drive your car at 2miles per hour or don't drive your car at all!" That is the most a** backwards solution to the problem I have ever heard.
Score: 0
|The fatal flaw comes in trying to make a dummy like you understand simple logic. It's a macro. Macros can't run in safe mode. Word can keep macros from running (WHILE) you are on the net, or, as the article ALSO states, you can NOT open documents from the web.
You got any better ideas, sir GCgoober?
Score: 0
|I agree with that common sense, but they obviously are so intent on making MS to be the bad company, they don't care about the truth.
Score: 0
|That's why EVERYONE else besides you "RJIP the little MS fanboy" agrees that MS's solution is ridiculous.
Your comments are worthless Microsoft propaganda.
Score: 0
|YEAH, because obviously you don't have any ideas. Your idea is "sure lets run in safe mode"
my idea is "MAKE A REAL SOLUTION"
Is my logic too simple for even you? Too bad. Go back to your speak n spell.
Score: 0
|No, this isn't the case.
Read: "The recommendation comes after the discovery of a serious flaw in the word processor that could result in code execution."
It is more of a defect in the software than "a defect in a person's driving skills." When there is a defect in a vehicle, you are allowed to sue the manufacturer if you suffer injury from such a defect. That is why there are recalls, but obviously this doesn't happen in the software industry. -_-
So in other words, we have every right to blame MS.
Score: 0
|my idea is "MAKE A REAL SOLUTION"
You mean aside from the update they are working on? (As stated in the article above)
Disabling Macros is the best workaround to the issue until the patch is released. MS would be negligent if they *didn't* suggest it as a workaround, considering it allows the user to keep using the software normally.
Obviously, if a user is opening a document they know is safe, they can re-enable macros if they need them.
Score: 0
|What is the truth? Let's say there is a house building company that builds 90 percent of all homes. Break ins and burglaries are everywhere with these houses. Is it just a fact that because the builder is most popular all these houses will be broken into therefore it's not their problem? But more so the burglar or should this company have better security implemented in the house, metal doors instead of card board, locks on the windows and most importantly a simple alarm system.
Score: 0
|The software is insecure, therefore prone to things like this on a regular basis. Did Ms make this security vulnerability? No but they are required to fix their operating system that they made an incomprehensible amount of money on and still do on a regular basis.
Car makers are required to have safety measures in place so when there is an accident that is your fault or not. You have a possibility of surviving.
The problem is the government doesn't have safety standards in place for Ms to follow. So they are free to do their own code checking which is obviously a dismal failure. These people have no reason to work harder, they already have our money. The next version to make more money is what's being concentrated on. So the story goes on and on.
Score: 0
|BAD MOVE, Microsoft. "Welcome! You got Nailed!"
Score: 0
|ROTFLMAO!
Well if that's their brilliant solution...
RUN EVERYTHING IN SAFE MODE!
LOL! They have some real brains at Microsoftie.
LOLALLDAY@microsux
Score: 0
|Before you decide that this is a stupid solution, do you even know the difference between running word in safe mode, and normal mode?
I take it you don't, because you ALWAYS make stupid a** remarks that is clear you are just using these recommendations as your way of slamming MS (as evidenced by your delightful comments - microsux).
I wasn't going to comment on this, because I thought you people would be smart enough to recognize when there are different ways to a solution. 1 is to simply disable macros. How does one go about this? Well, SAFE MODE is the easiest way, it doesn't disable spell check, it doesn't make the thesaurus invalid, it doesn't run in some limited resolution, it's not like an OS safe mode, you idiot, it runs EVERYTHING as it should, EXCEPT macros are prevented from running.
I hope you are not in any position of power at your company, because you are a COMPLETE moron, I see many of your lame brain comments, and you take it upon yourself to be the ring leader on MS bashing, so I am going to respond to you, because evidently you are so stupid, you just think EVERYTHING MS does is bad.
I don't even want to know why you continue to use MS products, I just am going to remind your stupid, lame, retarded, backwoods ass, that you are free to use some open source product or NOT use MS products at all. If you don't like the solutions presented, you can use your limited intellect and TRY to come up with a useful solution yourself (which would be like mike tyson trying to start his own cooking show), or you can spare us your MS insults.
I don't really care how you spend your day, but you really look like a retard when you post such informative announcements that you "hate" MS.
So, if you want to continue to look like an idiot, feel free even more to post more amusing posts to just be contrary to everything MS does.
LOLALLDAY@stupidpeople
Score: 0
|AWWW poor baby got his panties in a twist! LOL
Score: 0
|Heh..
You flatter yourself.
Score: 0
|yea but do you know how important it is to be able to use word for some people
Score: 0
|Isn't there a Word compatible alternative?
Score: 0
|It doesn't disable word, just MACROS. Safe mode isn't crippling anything but the ability to run vbscripts and macros.
If they tell you that if you go outside, and you don't wear sun block you will get sunburned, I guess you have to make a choice, now wouldn't you? Either risk going outside, or wear sunblock. same thing.
Now if for some reason, sun block isn't available, and you can wear a jacket (even when its summer time) you can be hot, or sunburned and risk skin cancer, or stay inside.
If you INSIST on going outside, I guess you should take proper precaution.
Score: 0
|Yes OpenOffice.org.
Easier to use (just think of styles for everything, with some features M$ Word does not have like PDF export, Bibliography database, etc.
And it is safe! without running in safe mode.
Score: 0
|Thank you for that 30 seconds of lost time reading your lame post. What were you talking about again? Oh yeah.....
Score: 0
|Microsoft Safe Mode.....oxymoron of the day
Score: 0
|Are they kidding? Microsoft could advise not to use Word at all till they patch the flaw. LOL
Score: 0
|There are other solutions, like registry hacks, but MS is advising against those, because they don't know what OTHER problems they may cause.
Can you think ahead more than 1 square, even for 1 second?
Score: 0