{"id":9306,"date":"2017-09-14T20:57:59","date_gmt":"2017-09-15T04:57:59","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/09\/14\/news-3079\/"},"modified":"2017-09-14T20:57:59","modified_gmt":"2017-09-15T04:57:59","slug":"news-3079","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/09\/14\/news-3079\/","title":{"rendered":"If you can\u2019t avoid Word&#039;s &#039;Enable Editing,&#039; patch Windows right now"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.techhive.com\/images\/article\/2016\/04\/3_patches-100654092-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Thu, 14 Sep 2017 06:55:00 -0700<\/strong><\/p>\n<p>In the normal course of events, it takes a week (or two or three) for the bugs in each month\u2019s Windows and Office security patches to shake out. This month\u2019s patches are no exception. There are lots of <a href=\"https:\/\/www.askwoody.com\/2017\/patch-alert-update\/\" rel=\"nofollow\">reports of problems with IE and Edge<\/a>, for example, and many more are piling up.<\/p>\n<p>In the normal course of events, the fresh-off-the-press security patches present <a href=\"https:\/\/www.computerworld.com\/article\/3213929\/microsoft-windows\/the-case-against-windows-automatic-update.html\">more of a threat<\/a> to most people in the short term than do the problems the patches are supposed to fix. You have to patch sooner or later, but by waiting for the screams of pain to die down, you can save yourself some major headaches.<\/p>\n<p>This month, unfortunately, the scales have tipped in the opposite direction.<\/p>\n<p>As I explained yesterday, this month\u2019s Patch Tuesday brought a bunch of <a href=\"https:\/\/www.computerworld.com\/article\/3224390\/microsoft-windows\/bloated-patch-tuesday-brings-fix-for-nasty-wordrtfnet-vulnerability.html\">patches aimed at fixing a hole in .Net<\/a> that allowed a bad RTF file to take over your machine. 
Coined CVE-2017-8759, the security hole romps through an alphabet soup of acronyms, but it boils down to this: Somebody could send you a bad document attached to an email message that, if improperly handled, could take over your computer.<\/p>\n<p>The improper handling? You have to open the bad file in Word and then click the \u201cEnable Editing\u201d button at the top of the document. It&#8217;s a &#8220;d&#8217;oh&#8221; kind of scenario that, unfortunately, plays out far too often.<\/p>\n<p>As <a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2017\/09\/zero-day-used-to-distribute-finspy.html\" rel=\"nofollow\">originally reported<\/a>, this \u201cSOAP WSDL parser code injection vulnerability\u201d appeared in only one rigged Russian-language document, \u041f\u0440\u043e\u0435\u043a\u0442.doc. The exploit appears to come from a group that\u2019s trying to spy on a Russian-speaking organization.<\/p>\n<p>Now I\u2019m seeing mini-courses popping up all over the web, including this <a href=\"https:\/\/www.youtube.com\/watch?v=hlkx5uYBT1Y\" rel=\"nofollow\">YouTube video<\/a> and this <a href=\"https:\/\/github.com\/vysec\/CVE-2017-8759\" rel=\"nofollow\">GitHub entry<\/a> from malware researcher Vincent Yiu, that explain in excruciating detail how to pop open the CVE-2017-8759 security hole. It\u2019s only a matter of time \u2014 possibly just hours, certainly days \u2014 before the script kiddies pick up on the technique and start spraying infected RTF documents all over the internet.<\/p>\n<p>Bottom line: <strong>DON\u2019T CLICK \u201cEnable Editing.\u201d<\/strong> If you can\u2019t keep your finger (or your friends\u2019 or your clients\u2019 fingers) from clicking that button, you better get .Net patched.<\/p>\n<p>Microsoft has a <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2017-8759\" rel=\"nofollow\">detailed list of which patches to apply<\/a>. 
If you\u2019re running Windows 7 or 8.1 and you can figure out which version(s) of .Net are on your machine, you can apply individual patches. If you\u2019re running Windows 10, you have no choice but to install this month\u2019s cumulative update in its entirety.<\/p>\n<p>It\u2019s a damned-if-you-do situation, but in this case \u2014 if you can\u2019t keep from clicking \u201cEnable Editing\u201d \u2014 you\u2019re better off installing the patch(es) now and dealing with the bugs later.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3224870\/microsoft-windows\/if-you-cant-avoid-words-enable-editing-patch-windows-right-now.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.techhive.com\/images\/article\/2016\/04\/3_patches-100654092-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Thu, 14 Sep 2017 06:55:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>In the normal course of events, it takes a week (or two or three) for the bugs in each month\u2019s Windows and Office security patches to shake out. This month\u2019s patches are no exception. There are lots of <a href=\"https:\/\/www.askwoody.com\/2017\/patch-alert-update\/\" rel=\"nofollow\">reports of problems with IE and Edge<\/a>, for example, and many more are piling up.<\/p>\n<p>In the normal course of events, the fresh-off-the-press security patches present <a href=\"https:\/\/www.computerworld.com\/article\/3213929\/microsoft-windows\/the-case-against-windows-automatic-update.html\">more of a threat<\/a> to most people in the short term than do the problems the patches are supposed to fix. 
You have to patch sooner or later, but by waiting for the screams of pain to die down, you can save yourself some major headaches.<\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10525],"class_list":["post-9306","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9306"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9306\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9306"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}