Welcome to Smokey's Security Forums.
Guests have only limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Smokey's Security Forums now a member of:
AQMRB - Alliance of Qualified Malware Removal Boardsâ„¢

   AQMRB - Alliance of Qualified Malware Removal Boardsâ„¢

Multilingual OTL (OldTimer ListIt) Log Analysis * Multilingual OTL Tutorials * OTL Downloads * Malware Removal * Microsoft Security Info & Alert Center * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on Del.icio.usShare this topic on DiggShare this topic on RedditShare this topic on StumbleUponShare this topic on TwitterAuthorTopic: MS09-024: Lower risk if you have Microsoft Word installed  (Read 293 times)

0 Members and 1 Guest are viewing this topic.

SilveyTopic starter

  • VIP Member
  • *****
  • Offline Offline
  • location: B.C. Canada
  • Posts: 1159
MS09-024: Lower risk if you have Microsoft Word installed
« Reply #1 on: June 09, 2009, 08:00:30 PM »
MS09-024: Lower risk if you have Microsoft Word installed
9 June 2009, 6:48 pm

Today we released bulletin MS09-024 that fixes vulnerabilities in text converters for the Microsoft Works document file format (WPS).

Reduced impact if Microsoft Office is installed

The Works converters included with Microsoft Word are vulnerable. However, the Microsoft Word installer does not associate the WPS file extension with Word. So a user double-clicking a WPS file attachment for the first time would see the following dialog:



The vulnerable Works document file format converter would only be loaded if a user selects Microsoft Word using the "Select the program from a list" option or if a user had previously selected Word to be the default editor for WPS files. If a user were to open the WPS file from the Microsoft Word interface using "File" -> "Open", this prompt would not appear. Howevever, the "Workarounds" section of the MS09-024 security bulletin describes how to disable access to the converter completely.

Summary

You may be at reduced risk to the vulnerabilities addressed by the MS09-024 update if you have installed Microsoft Word and have not associated the WPS file format with Microsoft Word.

- Greg Wroblewski, MSRC Engineering

*Postings are provided "AS IS" with no warranties, and confers no rights.*

Source: Security Research & Defense

 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
 BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content © 2006 - 2010 Smokey Services™ -- All rights reserved
Design of all board graphics, banners and images by Emma aka Tinker - © 2006 - 2010 Smokey Services™ -- All rights reserved

Security Knowledge-, Alert- & News Center and Comprehensive Microsoft Windows Information & Download Center
Board- and databases search functions and the download of post attachments are only available to registered board members

    

  

Smokey's Security Forums provide full qualified OTL Log Analysis & Cleaning Services in English, German and Spanish language
OTL (OldTimer ListIt) is a flexible, multipurpose, diagnostic, and malware removal tool, it also has some curative ability

Microsoft Security Info & Alert Center: all released Microsoft Security Bulletins, Alerts, Advisories and Vulnerabilities, in real-time