This page permanently redirects to gemini://gemini.techrights.org/2009/02/25/openxml-security-flaws/.
Posted in Formats, Google, Microsoft, Open XML, OpenOffice, Security at 1:58 pm by Dr. Roy Schestowitz
=> ↺
SEVERAL MONTHS ago we warned that OOXML is not secure. Its dependence on a particular platform and office suite rendered it insecure by design just like those ‘origin’ formats, namely binaries, which it merely shuffled around (reassembled).
=> OOXML is not secure | dependence on a particular platform and office suite
It is now official and also confirmed that OOXML files are not just insecure but there are also persistent attacks against new flaws (without any security patches being available, i.e. zero-day). To quote one of the more recent reports:
=> ↺ one of the more recent reports
Some Open XML based products as Microsoft Excel are affected by a security flaw and the Trojan.Mdropper.AC.
There is fairly wide coverage of this problem, e.g. in:
Hackers Exploit Excel ‘Zero-Day’ FlawExcel Trojan targets unpatched flawsAttackers Targeting Unpatched Vulnerability in Excel 2007
Microsoft’s Excel spreadsheet program has a 0-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec.A 0-day vulnerability is one that does not have a patch and is actively being used to attack computers when it is publicly revealed.
Heise Online calls this vulnerability “critical” (highest level of severity by another one Microsoft’s ‘standards’).
=> ↺ calls this vulnerability “critical”
According to unconfirmed reports, the anti-virus manufacturer Symantec has found a trojan that seems to use a security hole in Microsoft Excel to remotely execute code on a user’s system. The attack is triggered by opening a maliciously crafted Excel file, causing an unspecified remote code-execution vulnerability.
One reader points out that “Microsoft is continuing its war against a universal office format.
=> ↺ continuing its war against a universal office format
“Notice in particular: ‘will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System‘
“What kind of hell is this causing in agencies, big businesses and schools? It’s not like they don’t have or could live with out the terabytes of electronic records now locked out by the kludge outlined above.”
Such problems could first be seen a year ago when Microsoft’s OOXML crimes were still prevalent. To make matters worse, Microsoft will continue to drift further away from ECMA OOXML, probably to gravitate in its own proprietary direction. Office 14, for example, is not committed to any real standards and according to yesterday’s report from Mary Jo Foley, it’s already delayed anyway.
=> a year ago | ↺ Microsoft’s OOXML crimes | in its own proprietary direction | ↺ already delayed anyway
Ballmer: Office 14 not this year[...]However, last year, more than a few times execs slipped up and indicated Office 14 would ship in 2009.
Things are not working well for Redmond these days. For real profit, Microsoft is highly dependent on Office which is its most profitable product (and one of the few that are actually profitable). Unless Microsoft can reinforce planned obsolescence and convince people to buy an upgrade they do not need, there’s great trouble ahead. The economic meltdown does not help.
OpenOffice.org makes a remarkably familiar substitute and Google Apps, among other SaaS alternatives, gain momentum despite the slew of disinformation from former Microsoft employees (masquerading as research firms). █
=> ↺ OpenOffice.org | disinformation from former Microsoft employees
Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
Permalink Send this to a friend
=> Permalink | ↺ Send this to a friend
=> Techrights
➮ Sharing is caring. Content is available under CC-BY-SA.
text/gemini;lang=en-GBThis content has been proxied by September (3851b).