Microsoft Cautions against New Word Flaw

After issuing Patch Tuesday on February 13, 2007 Microsoft discovered a new flaw in Word. The company has issued an advisory warning users that many are exploiting the flaw in the wild. Microsoft included 12 security bulletins in its security patch to address 20 vulnerabilities, including six patches for Word and one patch for Excel as well as PowerPoint.

The new security bug emerging as immediately after Microsoft's scheduled patch release is more likely to be intentional, than coincidental. The attack is another case of the "Exploit Wednesday". Cyber criminals have found a way to turn Microsoft's security update cycle timing to their advantage by releasing the new attacks a day before or after Patch Tuesday. The second Tuesday of every month, when the software giant issues its fixes is called "Patch Tuesday".

According to Microsoft's security advisory, when an individual opens the flawed Word file, it may damage the system memory in such a manner that an attacker could acquire complete access of the PC. Office 2000 and Office XP are vulnerable to the risk, said the company. But the two latest versions, Office 2003 and 2007 are unaffected.

As with trends of Office vulnerabilities, a hacker would be successful by tricking a user into opening an infected file. Attackers are exploiting the vulnerability in question in "very limited and targeted attacks", said Microsoft. The company is working on a security update to fix the problem, it added.

According to Microsoft, it has deployed detection tools to the Windows Live OneCare safety scanner, which updates automatically to remove malicious software that tries to exploit this security flaw. The company also plans to share experiences and information with Microsoft Security Response Alliance partners so that their detection is able to identify the latest attacks and also repair them.

Microsoft recommends users not to open Office documents unless they knew the sources or were expecting them. It said a patch was in its plans but did not commit any time line.

Experts suggest users to disable default opening of Microsoft Office files, not depend on file name extension, and use filters for protection.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 2/26/2007