Seasons Greetings

Here’s the text of the first email I sent out today. (Names omitted for the usual reasons.)

Dear friend,

I’m addressing this message to you because I have, in the past, received a number of Word files from you as attachments to your messages. My purpose in sending it to you is not to single you out, accuse you or blame you but rather to alert you to this issue, and besides I had to have someone to address the message to, so that I could copy the others on my BCC.

This Microsoft Security Bulletin, dated December 5, 2006, http://www.microsoft.com/technet/security/advisory/929433.mspx, documents a so-called “zero day” vulnerability in Microsoft Word that could allow remote code execution. Feel free to visit the Microsoft site and read the full bulletin for yourself, but I provide “my” summary in this message for your convenience.

The vulnerability affects these Microsoft products: Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.

Here is the important part.

“In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.”

As with all such vulnerabilities, this one is a severe pain in the butt, since it is frequently useful to be able to share files with friends and associates in this format, but I suppose it is just one of the prices we must pay for the ease and convenience of being connected electronically.

Since the approaching Holiday Season presents an occasion to send “all your friends” a Word file containing pictures of your family and a narrative that explains all the wonderful things that have happened to you during the past year as well as your wishes for the season, you may be tempted to send such a document electronically. I urge you not to do it. Call me Scrooge if you wish, but I’m not opening any such documents I receive. A plain-text email with a wish for a Merry Christmas, Happy Holidays or Happy New Year will get read; an attached Word document won’t.

If you want me to look at your Word document that you so carefully composed, print it out and mail it in the U. S. Mail. At least that way, all I have to worry about is Anthrax or a letter bomb, both of which are at least modestly more difficult to create.

As they say, Happy Friggin’ Holidays!

Advertisements

4 thoughts on “Seasons Greetings

  1. Michael Neel

    hehe… I’d say send a a PDF instead, but I think most people would rather have the virus from word than open a PDF that – even when virus free – crashes your system =p

    Reply
  2. Perry Post author

    Yes, a PDF file would be an option but that’s problematic even when it doesn’t crash your system, perhaps because you use Foxit Reader as I do. I don’t think most people know how to create a PDF file, may not be comfortable navigating them, and probably even don’t understand that it is an option for such things as “Christmas letters.”

    Reply
  3. Perry Post author

    If this half of the “we” you refer to were more energetic and evangelistic, perhaps we could. However, I have no illusions that any efforts on my part would lead to the demise of MS Office. Even if I converted ALL of my limited readership, it would have no effect at all on MS Office’s hold on the world, as I’m sure you know.

    However, I can, and will, add this link to Open Office in case anyone wants to check it out. Thanks for the suggestion.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s