| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 136637 | 2014-03-25 03:03:00 | Word vunerability ... | SP8's (9836) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1371259 | 2014-03-25 03:03:00 | Hi peoples Just thought I'd put THIS (technet.microsoft.com) up for those who may not be aware of it ... It was sent to me by a friend at the University of Otago and had the following warning with it ... not sure whether this is aimed solely at the Uni or not. Updated Timeframe: Tuesday 25th March 2014 - Ongoing. Audience: All Staff and Students The University is currently under a second concerted attack by a spam/phish group within a week. Again, some users have compromised their University accounts by responding to these phishes. The latest phishing email suggests you may lose your email account though inactivity, and appears as if it has been sent by the ITS Service Desk. Please delete this email and do not respond, or click links within. There are also current dangerous campaigns targeting NZ banks, the IRD, NZ Post, and other institutions that you may be familiar with. If you allow the attackers to collect your account/password details, you face the real danger of financial loss – these criminals are trying to control your accounts in order to make or steal money, and they are very motivated. Please be extra-careful at the moment to NOT RESPOND to emails with suspicious links, even if they come from University accounts. While we do email out messages about email quotas we do not ask for University credentials. Reminder: Please do not enter your University credentials into any web page unless you are absolutely sure that it is a genuine University web page. You can check this by: • hovering the pointer over the web link and checking the web address shown: the website name should end with otago.ac.nz/ and NOT otago.ac.nz.edua.ir/, for example. • checking the ITS Service Notices • contacting the ITS Service Desk • contacting the sender |
SP8's (9836) | ||
| 1371260 | 2014-03-25 03:55:00 | Thanks so much for the warning - always good to get these. But please - the word is 'vulnerability' - not as so often pronounced 'vunerability' :( |
R.M. (561) | ||
| 1371261 | 2014-03-25 06:58:00 | Here's the link to a quick fixit from MS: support.microsoft.com and background info: arstechnica.com chnica+-+All+content%29 |
zqwerty (97) | ||
| 1371262 | 2014-03-25 10:33:00 | But please - the word is 'vulnerability' - not as so often pronounced 'vunerability' :( I have no key ... it went on hoi day |
SP8's (9836) | ||
| 1371263 | 2014-03-25 17:24:00 | :) | R.M. (561) | ||
| 1371264 | 2014-03-25 21:42:00 | . com/2014/03/microsoft-warns-of-word-2010-exploit/" target="_blank">krebsonsecurity . com Its more an Outlook issue . Your only have to have the 'infected/bogus' email in the preview plane to be vulnerable to this . ie you dont even have to open the attachment . Its like deju vu from 10 years ago Thats why Ive never liked Outlooks preview plane, but most now insist on having it . MS Temp fixit is to "Disable opening RTF content in Microsoft Word" |
1101 (13337) | ||
| 1371265 | 2014-03-26 06:19:00 | Thanks so much for the warning - always good to get these . But please - the word is 'vulnerability' - not as so often pronounced 'vunerability' :( There you go, that should let you sleep at night . Cheers Billy 8-{) |
Billy T (70) | ||
| 1371266 | 2014-03-26 07:39:00 | No it is a Word issue, Outlook uses Word as it's viewer/editor etc. "E-mails that are viewed or previewed using a default setting in Outlook allow the attacker to gain the same system privileges as the user who is currently logged in." "The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word or previews or opens a specially crafted RTF e-mail message in Microsoft Outlook while using Microsoft Word as the e-mail viewer." RTFA |
zqwerty (97) | ||
| 1371267 | 2014-03-26 21:30:00 | No it is a Word issue, Outlook uses Word as it's viewer/editor etc. are , scuse me In the REAL WORLD, its an Outlook issue . NOBODY would be opening or would have access to these bogus RTF's except via Outlook. turn off preveiw pane & you have much less chance of being exposed to this. If not via Outlook, what possible way would anyone be exposed to these RTF's |
1101 (13337) | ||
| 1 | |||||