Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Microsoft Word Gets A New Flaw

While opening 'Microsoft Office' attachments, there is yet another reason to be careful about. On December 5, 2006, Microsoft warned of a new, un-patched 'memory corruption error' it found in its 'word-processing' software. The company said there was an investigation ongoing on reports of "limited" attacks that take advantage of the problem.

Microsoft's public relations firm said in an e-mail statement that the company has come to know about "limited zero-day" attacks exploiting a vulnerability in 'Microsoft Word 2000', 'Microsoft Word 2002', 'Microsoft Office Word 2003', 'Microsoft Word Viewer 2003', 'Microsoft Word 2004' for Mac and 'Microsoft Word 2004 v. X' for Mac, and also 'Microsoft Works 2004, 2005, and 2006.

Security firm 'FrSIRT' rated the vulnerability in Microsoft Word as "critical" and explained in an advisory that attackers could exploit it to gain complete control of an affected system. The flaw results from a 'memory corruption error' while handling a malformed document. Attackers could exploit it to give arbitrary commands by duping a user into viewing a specially crafted Word document.

Microsoft has not made available any 'pre-patch workarounds'. However, in a security bulletin, it suggests users to desist from opening or saving Word files, even if they came from trusted sources. To be safe, users should always maintain caution when opening e-mails with unsolicited attachments from both known and unknown people.

Microsoft assured that after the investigation was complete, it will take appropriate steps for the protection of its customers. This may include producing a 'security update' through its 'monthly release process' or even an "out of cycle" security update according to the urgency of customer needs.

Since automatic security updates have become common, attackers now focus more on developing attacks that target on such un-patched flaws in the software. These attacks are sometimes called '0day attacks'. This process has compelled Microsoft to design an increasing number of software updates in recent months.

Hackers have particularly turned their attention to Microsoft's Office products. Some researchers think them to be more active source of bugs than the Windows operating system.

This 'zero-day' attack in Microsoft Word is the second major one in 2006.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 12-12-2006

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next