OOXML Fatally Flawed?

Thanks to Roy’s tenacity and constant vigilance, I have learned that the MS Office binary format that is wrapped in XML and is now known as IS 29500 (OOXML), an ISO Standard Office Document Specification (ROTFL), now appears to be giving hackers everywhere a field day.

It is now official and also confirmed that OOXML files are not just insecure but are also under persistent attack against new flaws (without any security patches being available, i.e. zero-day).

There are some good links and sources to this article, so it is recommended reading for anyone who is considering using Office 2007 or receives an OOXML document (the ones ending in x, e.g. docx, pptx and xlsx). IMHO your automatic response should be to return it directly to the sender, not attempt to open it, and ask them to send it to you in an open format such as ODF or PDF or even plain text. I would also suggest that you provide a link to OpenOffice.org in the reply.

In the last few scant months, there have been several major and very serious security flaws and attack opportunities with Microsoft’s software. Surely, it must be becoming clear to everyone by now:

If the foundations are weak, the walls crumbling, the windows broken and the roof collapsing, it’s time to move.
