Zero-day Word flaw used in attack | Tech News on ZDNet

On BNET: How to improve your gas mileage

BNET Business Network:: BNET; TechRepublic; ZDNet

TalkBack

By Joris Evers, News.com
Posted on ZDNet News: May 19, 2006 6:32:00 PM

A new, yet-to-be-fixed security hole in Microsoft Word exposes computer users to cyberattack, Symantec warned Friday.

Would-be intruders already have attempted to compromise PCs at a Japanese government entity by exploiting the flaw, Vincent Weafer, the senior director at Symantec Security Response, said in an interview. In response, Symantec has raised its ThreatCon to Level 2, which means an outbreak is expected.

"What we're seeing is a continuation of the targeted threat using zero-day vulnerabilities," Weafer said. (Zero-day flaws are ones for which no patch exists.) "We got it from a single large customer inside Japan. We have not seen anyone else get it."

Microsoft is readying a security update for Word that repairs this vulnerability, a company representative said in an e-mailed statement. The fix is scheduled to be released as part of the June 13 security updates, or sooner, if warranted, the representative said.

The malicious software arrives as a Microsoft Word file attachment to an e-mail message. When the document is opened by the user, the vulnerability is triggered. In the Japanese case, the Word document actually displayed some text related to a treaty with China, but while the text was displayed, a backdoor was installed on the system, Weafer said. Backdoor software allows intruders to enter computers surreptitiously.

"The backdoor in turn pings an IP address located in Asia. It just pings to say it is available, but then, of course, you have a backdoor on your system," he said.

The vulnerability was confirmed in Word 2003, Symantec said. The malicious file caused Word 2000 to crash, but did not run the malicious payload, it added.

Exploitation of the security hole so far is only known as part of a single, targeted attack, Symantec said. "However, with the disclosure of this previously unknown vulnerability, new attackers may begin to exploit it in a widespread manner," the Cupertino, Calif., security company said in an advisory sent to customers.

The targeted attack can bypass spam filters, and Symantec's antivirus software doesn't yet detect the particular Word file as malicious, Weafer said. "We are looking at the vulnerability itself, in terms of generic blocking," he said, adding that the security software does detect the backdoor and the installer of the backdoor.

Microsoft and Symantec urge caution in the opening of Word documents received as an unexpected e-mail attachment.

Talkback
Most Recent of 164 Talkback(s)

Thread View
Flat View

"only happening in Japan": Yeah, only the number two economy in the world, no big deal. . .

[/sarcasm] (Read the rest); Posted by: Samanalysis Posted on: 06/11/07 You are currently: Logged In | Log out

Patch due June 13 Ohhh that's freaking nice. LinuxSystems | 05/19/06

Forgot to add... LinuxSystems | 05/19/06

Great placement! Spikey_Mike | 05/19/06

You're on a linux system Boot_Agnostic | 05/19/06

Yes I'm whining yes I run Linux... LinuxSystems | 05/19/06

Yes I'm whining yes I run Linux... LinuxSystemsIsAnAssWipe | 05/19/06

Hmmm... Zeppo9191 | 05/19/06

it's illiterate, Smart Guy. LinuxSystems | 05/19/06

Oh, and by the way... davedufour | 05/19/06

Switching to Open Office Neon Cockroach | 05/20/06

fun? SC-man | 05/20/06

It was glorious nomorems | 05/22/06

Yet Another Speedy Patch Response By Microsoft itanalyst | 05/19/06

Install OpenOffice OhMyGosh | 05/19/06

Now let's Be Fair Mr Shaun Warburton | 05/19/06

Word flaw used in attack waits for fix Loverock Davidson | 05/19/06

And Again, Another Moronic Response itanalyst | 05/19/06

So by your reasoning Shelendrea | 05/19/06

Loveschlock Doesn't Care itanalyst | 05/19/06

Could be Loverock Davidson | 05/19/06

All it takes is ONE person, Loverock! (nt) Zeppo9191 | 05/19/06

I'm willing to be dollars to donuts itanalyst | 05/19/06

BAH! Shelendrea | 05/19/06

I have a wooden post you can borrow to talk to itanalyst | 05/19/06

I don't think that Shelendrea | 05/19/06

Wow, I Hand't Thought About It That Way itanalyst | 05/19/06

ROTFL Shelendrea | 05/19/06

Could be counts for MS also Mr_Dave | 05/21/06

Yet again... zkiwi | 05/21/06

Yes, Only In Japan itanalyst | 05/19/06

No outside internet connections to the rest of the world TokyoPete | 05/20/06

no outside connections etc. TokyoPete | 05/20/06

reading too much into the post I think. spdrcrtob | 05/21/06

Jone 13 is nearly a month away Zeppo9191 | 05/19/06

YOU SAID LINUX YOU SAID LINUX!!!! itanalyst | 05/19/06

lol! Yeah, that I did. So sorry. (nt) Zeppo9191 | 05/19/06

Yes it is a month away Loverock Davidson | 05/19/06

Are you THAT stupid? itanalyst | 05/19/06

Ah. But not as stupid... John Zern | 05/19/06

"Getting the patch ready" <> "Releasing it ASAP" Zeppo9191 | 05/19/06

Got one word for ya... LinuxSystems | 05/19/06

Loverock, U dont get out of the hospital very often eh? DangDaCommonCentz | 05/22/06

Question yyuko@... | 05/20/06

LoveRock Davidson Is An Ass LoverockDavidsonIsAnAss | 05/20/06

"only happening in Japan" Samanalysis | 06/11/07

THIS BROUGHT TO YOU BY SAME PEOPLE WHO SAID OSS ISNT RELIABLE!! itanalyst | 05/19/06

calm down Shelendrea | 05/19/06

GAAAH! Eeep!!! Ugh!!! itanalyst | 05/19/06

Cesar G cesar44 | 05/21/06

This is no big deal bidemytime | 05/19/06

ROTFLMAO!!! Awesome!! itanalyst | 05/19/06

Ah. wasn't THAT funny John Zern | 05/19/06

Come on now Shelendrea | 05/19/06

Use OpenOffice or StarOffice untill MS wakes up and get a fix out. Simple! michael_t | 05/19/06

How much code did you look over in OO? John Zern | 05/19/06

Yet another reason... JDThompson | 05/19/06

How about we don't Loverock Davidson | 05/19/06

It doesn't do that anymore. Hugh Jass | 05/19/06

How about we know what we're talking about SC-man | 05/19/06

OMG, why doesn't Linux or Mac just save the world already Boot_Agnostic | 05/19/06

dont underestimate doh123 | 05/19/06

hey Boot_Agnostic | 05/19/06

Come on you Shills!!! Defend this latest gaffe!!! itanalyst | 05/19/06

Why? It's more fun watching you John Zern | 05/19/06

Microsoft vs Open Source jmonahan | 05/19/06

FACT: Open Source is NOT responsive to the needs of the masses! ajole | 05/22/06

ROTFLMAO too! 999ad@... | 05/19/06

Amen.... LinuxSystems | 05/19/06

Dont you get it??? We dont care. Cayble | 05/19/06

I would rather hack you than someone else IceTheNet@... | 05/20/06

Good. GO right ahead. Be My Guest Cayble | 05/20/06

Ah, but I DO care ... other_native | 05/20/06

Use Linux then Cayble | 05/20/06

Would if I could ... other_native | 05/20/06

Different software but you forgot SouthernPride | 05/20/06

Its easy, Linux usually installs great Cayble | 05/20/06

Yes, you may be right other_native | 05/20/06

Here are a few places to look about Linux ajole | 05/22/06

Open Source : 900 Fixes In Two Weeks itanalyst | 05/19/06

Are you really bragging about 900 holes in OSS? Confused by religion | 05/19/06

High Five Shelendrea | 05/19/06

Sure.... LinuxSystems | 05/19/06

If they had read the article that the OP was referencing, Hugh Jass | 05/19/06

Maybe the top poster should have included such Boot_Agnostic | 05/19/06

Damn - where do I get one of those... Confused by religion | 05/19/06

LOL your not missing at all... LinuxSystems | 05/19/06

You know, I feel sorry for you that you cannot run a Windows Confused by religion | 05/19/06

Excellent reply SouthernPride | 05/19/06

Actually, I Was A Unix Sys Admin For 4 Years itanalyst | 05/19/06

I don't know why I waste my time... LinuxSystems | 05/19/06

Milly there is a problem though... Linux Advocate | 05/20/06

Here is an excert from a long article... Linux Advocate | 05/20/06

How Do You Know? IceTheNet@... | 05/20/06

Feeling sorry SC-man | 05/20/06

Apparently all the IT admins with WinBox problems are *nix folks ajole | 05/22/06

Of Course SC-man | 05/19/06

Dreamer Cayble | 05/19/06

Reality SC-man | 05/20/06

FYI that covers 35 OS's windows alone has: IceTheNet@... | 05/20/06

Isn't Symantec supposed to alert MS *before* annoucing the vulnerability? wolf_z | 05/19/06

They're no longer on speaking terms... Zeppo9191 | 05/19/06

But George Ou can still complain about OOo. Letophoro | 05/19/06

Key word - caution SouthernPride | 05/19/06

Thanks for the info on Word, but.... Cayble | 05/19/06

But we do care... LinuxSystems | 05/19/06

Your solution is not Boot_Agnostic | 05/19/06

I have... LinuxSystems | 05/19/06

Apple does not compare to Linux SouthernPride | 05/19/06

OS X is SouthernPride | 05/19/06

Don't plan on switching anytime soon Boot_Agnostic | 05/20/06

How about you learn how to do your job Cayble | 05/19/06

Yep...I'll never open any e-mail attachments either. Grayson Peddie | 05/20/06

Check your IDS logs recently??? Spikey_Mike | 05/23/06

Ok.. Lemme get this straight... Wolfie2K3 | 05/19/06

Your a good luser then... LinuxSystems | 05/19/06

Stop crying Cayble | 05/19/06

Dude, get a Freakin' CLUE! ajole | 05/22/06

Well... zkiwi | 05/22/06

I'm not defending anything, but I will now. ajole | 05/22/06

Amazing... Isn't it? Wolfie2K3 | 05/22/06

How much money lengua99 | 05/23/06

So what you're saying is lengua99 | 05/23/06

Higher ground... Wolfie2K3 | 05/22/06

No, you forgot the rules itanalyst | 05/19/06

That's really not fair... angela_6uk | 05/20/06

Ah.. But they have... Wolfie2K3 | 05/22/06

Actually... zkiwi | 05/22/06

You are right, and they can't use table saws either! ajole | 05/22/06

Good Insight... Wolfie2K3 | 05/22/06

Sadly, you are correct about users being idiots ajole | 05/22/06

OpenOffice penguinpete | 05/19/06

Pretty good bet the answer is a resounding Linux User 147560 | 05/19/06

Message has been deleted. SouthernPride | 05/19/06

You do realize of course that you are now Linux Advocate | 05/20/06

Probably No itanalyst | 05/19/06

Not unless... Wolfie2K3 | 05/22/06

Message has been deleted. SouthernPride | 05/19/06

Again for your edification Linux Advocate | 05/20/06

Oh please SouthernPride | 05/20/06

Ah, but I do. Cardinal_Bill | 05/20/06

Flames are boring. tler | 06/02/06

If Diogenes were alive today rjhenn | 05/19/06

Noise . . . tler | 06/02/06

What a load of meaningess rants Bob G Beechey | 05/19/06

Ask Linux Luser he is an expert in all SouthernPride | 05/20/06

And again you initiate an unwarrented attack! Linux Advocate | 05/20/06

Flames tler | 06/02/06

The reason was never good enough IMHO CobraA1 | 05/20/06

afaik zkiwi | 05/22/06

Try... Wolfie2K3 | 05/22/06

Oh my Krazyken39 | 05/20/06

100% bug free . . . . ? tler | 06/02/06

Found The Fix Install this Update IceTheNet@... | 05/20/06

I tried your fix Loverock Davidson | 05/20/06

Grin IceTheNet@... | 05/20/06

This is the correct link SouthernPride | 05/20/06

The REAL correct link Bob G Beechey | 05/20/06

Real SC-man | 05/20/06

Open Office greenjavlin | 05/21/06

SUSE is as easy as Windo$e to install . . . almost. tler | 06/02/06

Merrlyn other_native | 05/20/06

Well one flawed concept SouthernPride | 05/21/06

Give Microsoft some slack rb_snow@... | 05/22/06

Windows turn TonyMcS | 05/30/06

What do you think?

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Whitepapers & Webcasts

Avoiding the Compliance Trap for Travel and Expenses Concur Technologies
Ipswitch WhatsUp Gold Distributed Edition v12 - Central Site Installation Ipswitch
Travel and Procurement: The Convergence Concur Technologies
An Introduction to Microsoft Dynamics CRM Online Microsoft