微軟拉警報 Word零時差攻擊再起
http://cpro.com.tw/channel/news/content/?news_id=53202&cid=A0503
微軟警告:新的Word零時差攻擊再度出現 http://www.informationsecurity.com.tw/news/view.asp?nid=2913
最近0day攻擊真多,微軟patch的效率更讓人搖頭@@
更好笑的是,在微軟的Advisory的Workarounds竟然說"Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources." 意思就是沒什麼好辦法,等死吧。誰能確定哪裡是"trusted sources"??
patch還沒出,目前survey的solution:
1. AbiWord (Free)
我剛裝起來用過,雖然速度很慢,還堪用就是了。
發現AbiWord用的WV library也出問題,而AbiWord還沒出新版。(12.12)
2. Online viewer for PDF, PostScript and Word (Free)
只是要把檔案上傳,比較麻煩,也不適合看比較機密的文件。
3. TextMaker (要$)
開檔速度很快,比Word快很多,比Word Viewer慢一滴滴而已。可惜要錢..
4. OpenOffice Writer (Free)
還沒裝來測...
5. word to pdf 轉檔再開,雖然有點麻煩。(2006.12.12)
6. Word 2007 : "Our initial investigation has discovered that Word 2000, Word 2002, Word 2003 and the Word Viewer 2003 are affected, but Word 2007 is NOT affected by the vulnerability."
還沒裝來測... (2006.12.12)
目前我是用TextMaker開 :p
Microsoft Word 0-day Vulnerability FAQ - December 2006, CVE-2006-5994 [UPDATED]
留言列表
