No. 1 Story

Construction needs cloud flexibility

Australia’s embattled construction sector could benefit from cloud based information systems that can be switched on and off in lockstep with individual projects – with the exception of those organisations based in remote areas like the Kimberleys.

read more

Related Articles

Adoption of cloud computing has reached a tipping point  - but don’t expect legacy...
In yet another blow to the Facebook IPO this week, following the withdrawal of...
Recruitment technology and social media have played a significant role in growing business in...
Telstra came out on top in a mobile phone customer survey conducted by the...
Need a new One with 4G speeds at an XL size, while still being...

Zero-day Word vulnerability

Your IT - Home IT

Hot on the heels of Microsoft's latest security update for Office comes a bulletin from the company concerning a new vulnerability that has yet to be fixed.

Like some of the issues patched this week, the newly discovered weakness involves maliciously crafted documents that cause system memory corruption leading to the execution of arbitrary code contained within the document.

According to the bulletin, Office 2000 and XP are affected, but not 2003 or 2007. Attacks are said to be limited and targeted so far.

Microsoft has updated Windows Live OneCare security scanner to detect attempted exploits and will share relevant information with Microsoft Security Alliance Partners. A permanent fix for the problem is under development.

Otherwise, the advice is to avoid opening Office files from untrusted sources. Given the targeted nature of such attacks, that could be difficult as the document could arrive in an email apparently from a known associate, customer, supplier or even a government agency.

Targeting also means that any particular attack is more likely to get through to the intended victim - the more common scattergun approach is more likely to come to the attention of software and security vendors before any particular organisation is hit. But an attack aimed specifically at a handful of people within your organisation is much harder to detect before it is too late.