New Flaw Attacks MS Word

Secunia, a security firm came out with a statement highlighting an unpatched flaw in Microsoft Word 2000, a component of Windows 2000 operating systems. It leads to an unspecified error when the computer processes an MS Word document. This flaw is exploited on opening a malicious Word file with the computer getting infected with a Trojan horse, which gives hackers remote control of the PC to run harmful codes on it.

Symantec products have detected the Trojan as Trojan.Mdropper.Q. It exploits the loophole by adding another file to the infected computer. The dropped file, in turn droops another file, which is a new variation of Backdoor.Femo. In keeping with the more recent Microsoft Office vulnerabilities, documents in which the exploit code is incorporated have to be opened using a vulnerable copy of Microsoft Word 2000 for it to function. The vulnerability is then made unsuitable to create self-replicating network worms. These conclusions were released in a security advisory by Symantec on September 3, 2006.

The flaw has been accorded the rating of extremely critical, suggesting the highest threat level. McAfee refers to it as W32/Mofei.worm while Symantec has labeled it Trojan.MDropper.Q.

According to Symantec's Hon Lau, MS Word loopholes will continue to be targeted for exploitation due to easy concealment of malware in word documents. Vulnerabilities in Microsoft Office make the ideal platform for social engineering and email based attacks. Microsoft Office documents continue to be used for sharing and information exchange by enterprises, small businesses and consumers. These types of documents are mostly cleared by most firewalls and security solutions making Microsoft Office documents handy for carrying hidden executable malicious code.

A representative of Microsoft claims that the company is in the process of investigating the possible loophole in MS Word 2000, based on the reports. So far Microsoft is has not yet found any damages accruing to the existing loophole, nor is its impact on the customers fully ascertained. A security patch is likely to come from a Washington-based software firm, Redmond to correct this flaw.

The advisory team goes on to explain that till the time a patch is made available from a vendor for installation, users are advised to play safe in computing activities using great caution in opening unsolicited emails in Microsoft Office document format.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 9/12/2006