 sj |
||
|
||
Tech: Kingston Office security issue
|
|
|
|||||||
|
Tech: Kingston Office security issue |
Share Thread
|
||||||
|
Subject: Tech: Kingston Office security issue From: gnu Date: 01 Apr 13 - 01:45 PM I understand (am told - BIG difference) that I am extremely vulnerable because my MS Office uses this software and that I should update to version 2724. Well, I have been trying to do so and finally went to where Kingston told me to go and still dunno what to do. I checked Windows updates and they don't have any alerts... yet? Any comments? |
|
Subject: RE: Tech: Kingston Office security issue From: gnu Date: 01 Apr 13 - 01:49 PM Original alert. |
|
Subject: RE: Tech: Kingston Office security issue From: Q (Frank Staplin) Date: 01 Apr 13 - 02:19 PM Difficult when the update is in Japanese only. Haven't heard of Kingston before. Is your MS Office a version for Japan? |
|
Subject: RE: Tech: Kingston Office security issue From: JohnInKansas Date: 01 Apr 13 - 03:09 PM According to several search hits: "Kingsoft Office software includes free word processor, spreadsheets and presentation software alternative to Microsoft Word, Excel and PowerPoint. MS Office ... " Agree with Q, never heard of it, and never seen it in reviews of "alternatives to Microsoft" by any of my usual suspects. It might be of interest to know how it got on your computer(?). Microsoft has been trying to make their Office look like it was designed by a bunch of 10 year old kids for use by the younger children, so maybe this is the real thing - by a bunch of Japanese kids? (Note that the sarcasm is for the benefit of Microsoft and not intended as serious criticism of gnu's choice of software - - yet.) Buffer overflow vulnerabilities have been found in many programs and operating systems and are one of the most common kinds of vulnerabilities needing patching. The threat, and description of what can be done with one that's not patched is about the same for all of them. The better AV programs usually will detect the "specially crafted file" needed to implement malware using these vulnerabilities, but a "craftily crafted specially crafted file" could let one slip past even a good AV, and an O.S. (operator stupidity) defect could override an AV block on downloading any file, so as long as the vulnerability exists there is the possibility that a malware program could get into your computer. A patch to modify the program, if one is available, is about the only way to remove the vulnerability, but usually the producer of the program is the only source able to produce a patch. The "where Kinston told me to go" just says that older versions are vulnerable and you need to download and install the newest version. (quibble: they don't actually SAY that the vulnerability has been patched in the new version, although you're probably expected to ASSume that.) John |
|
Subject: RE: Tech: Kingston Office security issue From: Newport Boy Date: 01 Apr 13 - 04:09 PM Kingsoft (not Kingston) is an alternative to MS Office which has been around for some time. It has only been available for Windows until recently, but there's now an Android version which seems to be gathering support. The links given are only to security websites. Kingsoft's UK website has an update to Office 2010 free, but I can't tell whther this addresses the problem. I can't check any further - I don't use office suites on Windows. Phil |
|
Subject: RE: Tech: Kingston Office security issue From: gnu Date: 02 Apr 13 - 08:43 AM Q... Canuck version. It is web-based. Kaspersky alerted me. |
|
Subject: RE: Tech: Kingston Office security issue From: JohnInKansas Date: 02 Apr 13 - 11:34 AM Both of the first two links gnu posted are to organizations active in malware detection and protection. Kaspersky in particular is very well known and reliable. I've heard less about JVN. Both say: "Solution: INSTALL LATEST VERSION (of the program)." JVN further states: "According to the developer, users can update from Kingsoft Writer 2007 to Kingsoft Writer 2010 by the online update." "the developer" apparently means Kingsoft for your purposes. Q comments "Difficult when the update is in Japanese only." I didn't find that with my search, although I didn't try to get the download; but if the program is operable in multiple languages it should be supported in any of them by searching or by selecting a different language at their homesite. The JVN notice has hot links to the Japanese company, and using those links might get you to a Japanese language page. A search with Google or other engine should take you to sites in your local language. IFF you remember where you got your current version you probably can get the update from the same place(?). Both of the AV sites say that the problem is solved if you install the latest version of the program. John |
|
Subject: RE: Tech: Kingston Office security issue From: gnu Date: 02 Apr 13 - 11:49 AM My link appears in English for me. There are Japanese version which can be "translated" with Bing. The software appears to be from a Japanese company but I believe they sub'contracted this particular work to a Chinese company. In any case, the vulnerabilities are HUH???? I just read the two applications... Windows Image Helper dgbhelp.dll in Real Player and in KASPERSKY!!! I just went to the details without reading the locations. How odd! |
|
Subject: RE: Tech: Kingston Office security issue From: gnu Date: 02 Apr 13 - 05:59 PM Kaspersky : Hello.....Do nothing at the moment but keep an eye on this link as its known and they are working on a fix. http://forum.kaspersky.com/index.php?showt...=0#entry2013198 |
| Share Thread: |