Playing with FireFox


I have been using FireFox more and more recently and was amused to find out
that when I went to Microsoft Office Update I was told I need to use IE to
download the required patches. I am no expert on monopolies but there seems
to be something unfair about being forced into having a copy of IE on hand
to make sure you can upgrade your software.



The same thing holds true for Windows Update. I would think the EU and the
DOJ/FTC would be up in arms about such practices.



Here is the e-mail regarding a security flaw in Office that started me down
this path:



 National Cyber Alert System

 Technical Cyber Security Alert TA05-193A

 Microsoft Windows, Internet Explorer, and Word Vulnerabilities

 Original release date: July 12, 2005
 Last revised: --
 Source: US-CERT



Systems Affected



 * Microsoft Windows
 * Microsoft Office
 * Microsoft Internet Explorer

 For more complete information, refer to the Microsoft Security
 Bulletin Summary for July, 2005.



Overview



 Microsoft has released updates that address critical vulnerabilities
 in Windows, Office, and Internet Explorer. Exploitation of these
 vulnerabilities could allow a remote, unauthenticated attacker to
 execute arbitrary code on an affected system.



I. Description



 Microsoft Security Bulletins for July, 2005 address vulnerabilities in
 Windows, Office, and Internet Explorer. Further information is
 available in the following Vulnerability Notes:

 VU#218621 - Microsoft Word buffer overflow in font processing routine

 A buffer overflow in the font processing routine of Microsoft Word may
 allow a remote attacker to execute code on a vulnerable system.
 (CAN-2005-0564)

 VU#720742 - Microsoft Color Management Module buffer overflow during
 profile tag validation

 Microsoft Color Management Module fails to properly validate input
 data, allowing a remote attacker to execute arbitrary code.
 (CAN-2005-1219)

 VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an
 unspecified vulnerability

 The JVIEW Profiler COM object contains an unspecified vulnerability,
 which may allow a remote attacker to execute arbitrary code on a
 vulnerable system.
 (CAN-2005-2087)



II. Impact



 Exploitation of these vulnerabilities could allow a remote,
 unauthenticated attacker to execute arbitrary code with the privileges
 of the user. If the user is logged on with administrative privileges,
 the attacker could take control of an affected system.



III. Solution



Apply Updates



 Microsoft has provided the updates for these vulnerabilities in the
 Security Bulletins and on the Microsoft Update site.

Workarounds

 Please see the individual Vulnerability Notes for workarounds.



Appendix A. References



 * Microsoft Security Bulletin Summary for July, 2005
   <http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx>

 * US-CERT Vulnerability Note VU#218621
   <http://www.kb.cert.org/vuls/id/218621>

 * US-CERT Vulnerability Note VU#720742
   <http://www.kb.cert.org/vuls/id/720742>

 * US-CERT Vulnerability Note VU#939605
   <http://www.kb.cert.org/vuls/id/939605>

 * CAN-2005-0564
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0564>

 * CAN-2005-1219
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1219>

 * CAN-2005-2087
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2087>

 * Microsoft Update
   <http://update.microsoft.com/>

 * Microsoft Update Overview
   <http://www.microsoft.com/technet/prodtechnol/microsoftupdate/default.mspx>



 _________________________________________________________________

 Feedback can be directed to the US-CERT Technical Staff.

 Please send mail to cert@cert.org with the subject:

 "TA05-193A Feedback VU#720742"
 _________________________________________________________________

 This document is available at

 <http://www.us-cert.gov/cas/techalerts/TA05-193A.html>
 _________________________________________________________________

 Produced 2005 by US-CERT, a government organization.
 _________________________________________________________________

 Terms of use

 <http://www.us-cert.gov/legal.html>
 _________________________________________________________________

 Revision History

 July 12, 2005: Initial release

 Last updated July 12, 2005


2 Comments

The only thing IE is good for is downloading Firefox.

A great solution is to switch to the free OpenOffice.org software. So far I have never had a problem opening any Microsoft created spreadsheet or document using it.

My solution to monopolies is to replace them instead of bowing to their coercion.
