PDA

View Full Version : Microsoft Issues Word/Works Zero-Day Attack Alert

Crockett
12-06-2006, 04:28 PM
By Ryan Naraine
December 5, 2006

Microsoft on Dec. 5 warned that an unpatched vulnerability in its Word software program is being used in targeted, zero-day attacks.

A security advisory from the Redmond, Wash., company said the flaw can be exploited if a user simply opens a rigged Word document.

Affected software versions include Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word.

More Details... (http://www.eweek.com/article2/0,1895,2068800,00.asp?kc=EWEWEMNL120406EP22A)

Microsoft Security Advisory 929433 (http://www.microsoft.com/technet/security/advisory/929433.mspx)
sharber60
12-07-2006, 04:09 PM
Doesn`t look like much has been done about this attack yet.. :confused:

http://news.zdnet.com/2100-1009_22-6141221.html?tag=nl

A yet-to-be-patched security hole in multiple versions of Word is being exploited in cyberattacks, Microsoft warned late Tuesday.

The attacks are "limited," according to a Microsoft security advisory. The Redmond, Wash.-based software maker is developing a security update that addresses the vulnerability, it said.

The vulnerability is similar to previous so-called zero-day flaws that have hit Office applications in recent months. An attacker could rig a Word file in such a way that he would gain complete control over a vulnerable PC when the file is opened, Microsoft said in its advisory.

An attacker could exploit the flaw by hosting a Web site with a malicious Word file or send an e-mail with the file as an attachment. In all cases, the target would have to open the file to be compromised, Microsoft said.

Security experts have said the limited-scale attacks are the most dangerous. Widespread worms, viruses or Trojan horses sent to millions of mailboxes are typically not a grave concern, since they can be blocked. Instead, especially for businesses, targeted Trojan horses have become nightmares, as they can fly under the radar.

The latest Office vulnerability affects Word 2000, Word 2002, Word 2003, Microsoft Word Viewer 2003, Word 2004 for Mac, Word 2004 version X for Mac, as well as Works 2004, 2005 and 2006, Microsoft said. As a way of protection, Microsoft suggests not opening or saving Word files from unknown sources or that arrive unexpectedly.