Here’s the text of the first email I sent out today. (Names omitted for the usual reasons.)
I’m addressing this message to you because I have, in the past, received a number of Word files from you as attachments to your messages. My purpose in sending it to you is not to single you out, accuse you or blame you but rather to alert you to this issue, and besides I had to have someone to address the message to, so that I could copy the others on my BCC.
This Microsoft Security Bulletin, dated December 5, 2006, http://www.microsoft.com/technet/security/advisory/929433.mspx, documents a so-called “zero day” vulnerability in Microsoft Word that could allow remote code execution. Feel free to visit the Microsoft site and read the full bulletin for yourself, but I provide “my” summary in this message for your convenience.
The vulnerability affects these Microsoft products: Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
Here is the important part.
“In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.”
As with all such vulnerabilities, this one is a severe pain in the butt, since it is frequently useful to be able to share files with friends and associates in this format, but I suppose it is just one of the prices we must pay for the ease and convenience of being connected electronically.
Since the approaching Holiday Season presents an occasion to send “all your friends” a Word file containing pictures of your family and a narrative that explains all the wonderful things that have happened to you during the past year as well as your wishes for the season, you may be tempted to send such a document electronically. I urge you not to do it. Call me Scrooge if you wish, but I’m not opening any such documents I receive. A plain-text email with a wish for a Merry Christmas, Happy Holidays or Happy New Year will get read; an attached Word document won’t.
If you want me to look at your Word document that you so carefully composed, print it out and mail it in the U. S. Mail. At least that way, all I have to worry about is Anthrax or a letter bomb, both of which are at least modestly more difficult to create.
As they say, Happy Friggin’ Holidays!