Word Zero Day Mitigation


I hear that a government agency (which I won't name) is blocking all email file attachments with a .doc extension as a result of the announced zero day attack. The email that I saw advised employees to stick to TXT files and PDF files.

Every company has its own level of risk aversion, but I think this is kind of ridiculous. Word documents are essential to business. I've asked before in this blog: you people with untrustworthy antivirus who block by file type, what are you going to do when viruses come in flavors other than easily blockable things like EXE and PIF? Well, we soon found that viruses come in image files. Viruses come in Office files. I guess the answer for this agency will eventually be to enforce text-only email.

The Federal agency will be blocking .doc files until a fix is available or they feel the threat level has changed. I did hear that renaming the extension before mailing does circumvent this filter, so they are blocking only by extension, not by file header. If someone were truly targeting them specifically (and currently this attack is only used against one or two companies), the attacker might know enough to rename the file and include instructions for the recipient to rename the .cod file back to .doc.
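The gap between extension-based and header-based filtering can be shown on a constructed message. This is an added example, not code from the original post or from any agency's filter; the file names, sample bytes and function names are assumptions made for illustration.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage

# Magic numbers found at offset 0 of each format.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy Office container (.doc, .xls, .ppt)
RTF_MAGIC = b"{\\rtf"                            # RTF, which Word also opens
BLOCKED_EXTENSIONS = {".doc"}                    # all an extension-only filter looks at

def extension_filter(name: str) -> bool:
    """Block purely on the attachment's file name."""
    return os.path.splitext(name.lower())[1] in BLOCKED_EXTENSIONS

def header_filter(data: bytes) -> bool:
    """Block on leading bytes, ignoring the name. Caveat: the OLE2 header is
    shared by legacy Excel and PowerPoint files, so this blocks those too."""
    return data.startswith(OLE2_MAGIC) or data.startswith(RTF_MAGIC)

def scan_message(raw: bytes):
    """Return (filename, blocked_by_extension, blocked_by_header) per attachment."""
    results = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # body text and multipart containers carry no file name
        data = part.get_payload(decode=True) or b""
        results.append((name, extension_filter(name), header_filter(data)))
    return results

def build_sample() -> bytes:
    """Constructed message: identical OLE2-headed bytes sent as .doc and as .cod."""
    fake_doc = OLE2_MAGIC + b"\x00" * 504  # constructed: header only, not a real document
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    for name in ("report.doc", "report.cod"):
        msg.add_attachment(fake_doc, maintype="application",
                           subtype="octet-stream", filename=name)
    msg.add_attachment("plain notes\n", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, by_ext, by_header in scan_message(build_sample()):
        print(f"{name:12} extension filter: {by_ext!s:5}  header filter: {by_header}")
```

The renamed report.cod passes the extension check but is still caught by the header check, since its contents are unchanged.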

I'm a bit surprised that they are advising that PDF files are an acceptable alternative. Adobe Reader and Professional have all kinds of remote execution vulnerabilities. Adobe recommends that you upgrade to version 8, which was released this week.


» "Security Conscious NASA" from Roger's Information Security Blog

MSNBC has an article on the Word doc banning at NASA that I alluded to earlier this week....


About this Entry

This page contains a single entry by Roger published on December 8, 2006 12:16 AM.
