RT @mistertechblog: I wrote about Nexus One and Touchdown, desktop dock, Bluetooth/USB tethering, ebooks here: http://bit.ly/bRdzx0
1 hour 43 minutes ago by yklee13 on topsy
We have relaunched: What's new at ZDNet Asia?
ZDNet / News / Security / Story
No fix yet for Word 2000 flaw
Summary
Microsoft releases patches for three security holes, but does not have a fix for a Word 2000 flaw being used in attacks.
Events
Microsoft MSDN/Developer Event
25 Mar 2010
One Marina Boulevard, Microsoft Singapore
IT Architect Regional Conference Singapore 2010
20 - 21 Apr 2010
Singapore Management University, Singapore
The Internet Show 2010
21-22 Apr 2010
Suntec Singapore
Microsoft on Tuesday provided patches for three security flaws, but it does not have a fix yet for a Word 2000 vulnerability being exploited in cyberattacks.
As part of its monthly patch cycle, Microsoft released updates for Office and Windows users to repair a trio of security flaws, a tally that is notably fewer than in previous months. The software maker deems the Office problem "critical"--its most serious rating. The Windows problems have a lower severity rating.
"What's not there is more news than what is there, from what we can see," said Amol Sarwate, research manager at vulnerability management company Qualys."The first thing we noticed is a lack of a patch for the Microsoft Word vulnerability at large; they did not have enough time to produce a patch."
Microsoft last week warned that miscreants are using a previously unknown flaw in Word 2000 in cyberattacks. These attacks come by way of rigged Word documents attached to an e-mail or otherwise provided to the targeted person. Microsoft has said that it is working on a patch, but in a security advisory posted Sept. 6, it did not give an expected release date.
The yet-to-be addressed Word 2000 flaw is similar to the Office flaw that Microsoft did tackle on Tuesday. This vulnerability affects Microsoft Publisher in Office 2000, Office XP and Office 2003. An attacker could exploit it by crafting a malicious Publisher file and tricking someone into opening it, perhaps by hosting it on a Web site or sending it by e-mail, Microsoft said in security bulletin MS06-054.
"An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft said. "We recommend that customers apply the update immediately."
Publisher is Microsoft's desktop publishing application. The software maker recommends all Office users install the patch, regardless of whether Publisher is installed, because other Office applications use some of the same compromised files.
Of the two Windows vulnerabilities addressed by Tuesday's fixes, one could allow an attacker to remotely take control of a PC and the other could lead to information disclosure, Microsoft said.
A flaw in a protocol for data exchange in Windows XP could let an intruder hijack a vulnerable system by sending it a special data packet, according to Microsoft security bulletin MS06-052. However, the Pragmatic General Multicast, or PGM, protocol is part of Microsoft Message Queuing technology version 3.0, which is not enabled by default, Microsoft said.
The information disclosure vulnerability exists because of a cross-site scripting flaw in a part of Microsoft's Indexing Service, Microsoft said in security bulletin MS06-053. An attacker could exploit the flaw to run script code on a vulnerable PC. The script could spoof content, disclose information or take any action that the user could take on a specific Web site, Microsoft said.
The patches are available online and will be pushed out via Microsoft's Automatic Updates service. As for the unpatched Word flaw, Qualys recommends Windows users install multiple layers of security software and use caution when opening e-mail attachments.
Transform your business interactions with real-time voice, video and telepresence solutions.
Tech Vendor: Cisco
Tech Vendor: Cisco
ZDNet Asia Live
Read my blog post on getting the most from your Nexus One: http://www.zdnetasia.com/blogs/m...
1 hour 49 minutes ago by mistertechblog on twitterData Centre Operator (Fresh Graduates Welcome to Apply) in ... http://bit.ly/bagYuu
2 hours 13 minutes ago by intmasterfeed on topsy#Cisco #Cloud Cloud on ZDNet Asia: Aussie university joins Cisco cloud ยท Early-adopter criminals embrace cloud... http://bit.ly/d93C8S #TCN
3 hours 16 minutes ago by thetechgang on topsywww.3w.com.au has seen it's outsourced IT Contracting Business in Manila grow at 4 times the rate of its traditional Australian Based...
9 hours 54 minutes ago by brucemills on Companies' outsourcing spend to increase
RT @3wconsulting: Whitepaper from http://3W.com.au "Outsourcing Your IT Requirements to Philippines" now on @zdnetaustralia & @zdnetasia http://ow.ly/1oY9f
10 hours 3 minutes ago by LeesaAT3W on twitter
Whitepaper from http://3W.com.au "Outsourcing Your IT Requirements to Philippines" now on @zdnetaustralia & @zdnetasia http://ow.ly/1oYbA
10 hours 4 minutes ago by itemployment on twitter
Whitepaper from http://3W.com.au "Outsourcing Your IT Requirements to Philippines" now on @zdnetaustralia & @zdnetasia http://ow.ly/1oYbz
10 hours 4 minutes ago by brucemills on twitter
Zdnetasia.com Estimated Worth $178,365 USD. Daily Ad Revenue:$244 USD, Daily Views:81,445 Pages... - http://www.haplog.com/www.zdneta...
19 hours 47 minutes ago by Haplog on twitterrecently estimated website net worth of zdnetasia.com - http://www.haplog.com/www.zdneta...
19 hours 47 minutes ago by haplog on topsyWhen I create an event, I click on an approximate time during the day when I want the event to occur, then I click "edit event detail...
1 day 23 minutes ago by bessellbrowne on Google Calendar gets 'smart' reschedulingipads break alott i had one it broke three times in the month i had it so i got rid of the damn thing id just go for the laptop Top Grade...
1 day 25 minutes ago by bessellbrowne on Report: 'Hundreds of thousands' of iPad preordersThere are a number of websites that still require Internet Explorer to view and IE for Mac Stinks (it is really ies4osx which is the Wind...
1 day 26 minutes ago by bessellbrowne on Microsoft: Only minor tweaks in Windows 7 SP1The receivers don't transmit back to the satellite. Unless there is a phone line attached to the receiver, they don't have any wa...
1 day 29 minutes ago by bessellbrowne on Apple to join the geolocation craze?"Lead Cognos BI Developer Insurance - Jobs - ZDNet Asia" http://bit.ly/bRcxOG
1 day 24 minutes ago by rhrcognos on topsywhatever little understanding I have we 'll only progress toward end of the world if we use HPCs to lenthen life of human being. Huma...
1 day 36 minutes ago by abhi32002@gmail.com on High computing promises elixir of lifeThanks for the knowledgeable article on SDDs. Allas...when all this reasearch will happen in Indian Universities. Hope the new bill on Fo...
1 day 48 minutes ago by abhi32002@gmail.com on APAC HPC users eye solid-state drivesIt was a good article. This brings a good opportunity for Indian IT firms to come up with new solutions in this field. HPC can become a b...
1 day 7 minutes ago by abhi32002@gmail.com on High computing most-wanted job in AsiaCOL KR DHARMADHIKARY(RETD) its very late to reply the link, but if it is still alive and looking for opportunity, i would like to know th...
2 days 4 minutes ago by deb021280 on Education takes off in rural India, helped by PCsIt was just a matter of time until google was marginalised anyway. I'm afraid this will be forgotten in China very quickly. Still, it...
2 days 9 minutes ago by robinsmith on Report: Google to leave China on April 10
High performance computing (HPC) most-wanted job in Asia http://bit.ly/9vFC3i (via @zdnetasia) #singapore
2 days 21 minutes ago by mySingapore on twitterHe doesn't care if her shoes are of glass, All he wants to see is a huge rack and nice a*s. Sleeping beauty's not awoken by true ...
2 days 38 minutes ago by warlowdavies on One pair of 3D glasses to rule them all
RT @zdnetasia: EMC COO, Pat Gelsinger, on bridging gaps in the organization and its cloud ambitions in Asia. (cont) http://tl.gd/i5jjd
2 days 10 minutes ago by mistymaitimoe on twitter
EMC COO, Pat Gelsinger, on bridging gaps in the organization and its cloud ambitions in Asia. http://bit.ly/9etOZW
2 days 14 minutes ago by zdnetasia on twitter
Asian SMBs need to pay more attention to disaster recovery planning http://bit.ly/bDet08 via @zdnetasia
2 days 29 minutes ago by asiapacsolution on twitterAsian SMBs need to pay more attention to disaster recovery planning http://bit.ly/bDet08
2 days 44 minutes ago by zdnetasia on twitter
[TECH] URL Shorteners slow Web redirection. - http://bit.ly/bySnWK @zdnetasia
3 days 27 minutes ago by danielcktan on twitter
URL shorteners are great but they can slow web redirection & you pray it would never go down http://bit.ly/bySnWK via @zdnetasia
3 days 55 minutes ago by angahsin on twitterURL shorteners slow Web redirection. http://bit.ly/bySnWK
3 days 24 minutes ago by zdnetasia on twitterChinese agencies cry foul over Google. http://bit.ly/by6rwV
3 days 30 minutes ago by zdnetasia on twitterall of sg's isps have been practising compulsory invisible proxy for all home subscribers at their backend since many years back alre...
3 days 48 minutes ago by melvinchia on Web filters mean bad news for businessit is not to good for china.
Proactol
Very good explanation of JMX
4 days 38 minutes ago by Babith B on Managing applications with JMXThe reaction to a report issued Tuesday by Flurry Analytics managed to completely overlook some interesting news--the Android-based Motorola Droid outsold the original iPhone over the same period of time following their respective launches--to focus instead on the sales numbers for the Nexus One.
4 days 42 minutes ago by lonemavericks on diggsAnother ZTE story....
4 days 44 minutes ago by Moderate Your Greed on Philippines opens bid for final 3G licenseKeep up with ZDNet Asia
Linkedin 
RSS Feeds 
Newsletters 
Twitter Inside ZDNet Asia
Sponsored
The Desktop Virtualization Revolution is here!
Find our more with Citrix Simplicity is Power
2010 IT Salary & Skills Report
Find out the salary range of IT professionals. Join activeTechPros for free access to the report.
The Internet Show 2010, 21-22 Apr 2010, Singapore
FREE admission for visitors who pre-register online. Register Today!
