On TechRepublic: Five super-secret features in Windows 7
BNET Business Network:
BNET
TechRepublic
ZDNet
115 TalkBacks

By Joris Evers
Posted on ZDNet News: Dec 6, 2006 7:15:00 AM

A yet-to-be-patched security hole in multiple versions of Word is being exploited in cyberattacks, Microsoft warned late Tuesday.

The attacks are "limited," according to a Microsoft security advisory. The Redmond, Wash.-based software maker is developing a security update that addresses the vulnerability, it said.

The vulnerability is similar to previous so-called zero-day flaws that have hit Office applications in recent months. An attacker could rig a Word file in such a way that he would gain complete control over a vulnerable PC when the file is opened, Microsoft said in its advisory.

An attacker could exploit the flaw by hosting a Web site with a malicious Word file or send an e-mail with the file as an attachment. In all cases, the target would have to open the file to be compromised, Microsoft said.

Security experts have said the limited-scale attacks are the most dangerous. Widespread worms, viruses or Trojan horses sent to millions of mailboxes are typically not a grave concern, since they can be blocked. Instead, especially for businesses, targeted Trojan horses have become nightmares, as they can fly under the radar.

The latest Office vulnerability affects Word 2000, Word 2002, Word 2003, Microsoft Word Viewer 2003, Word 2004 for Mac, Word 2004 version X for Mac, as well as Works 2004, 2005 and 2006, Microsoft said. As a way of protection, Microsoft suggests not opening or saving Word files from unknown sources or that arrive unexpectedly.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 115 Talkback(s)
Marketing post by WebSense employee
It should be pointed out the poster is an employee of WebSense. It seems like you just can't get away from ads these days, not even on the boards!... (Read the rest)
Posted by: ejhonda Posted on: 12/13/06 You are currently: a Guest | | Terms of Use
Thank goodness for diversity  Boot_Agnostic | 12/06/06
Cute  zkiwi | 12/06/06
FSVO "Cute"  Yagotta B. Kidding | 12/06/06
New and improved flaws  cdgoldin | 12/06/06
Yes and no  ken_ballard@... | 12/06/06
Speaking from experience  Yagotta B. Kidding | 12/06/06
Also speaking from experience  cdgoldin | 12/06/06
OO dot oh-oh  Yagotta B. Kidding | 12/06/06
OpenOffice issues  Scrat | 12/07/06
Open Office Issues  jkaplenk@... | 12/07/06
the "crud" that Open Office "strips out" constitutes most of the formatting  nomorems | 12/06/06
Bittersweet irony  xuniL_z | 12/07/06
Yawn and oh so typical  Laff | 12/06/06
Likewise with Apple software  NonZealot | 12/06/06
I don't know about that...:)  Laff | 12/06/06
Dont feed the troll  frgough | 12/06/06
Huh?  NonZealot | 12/06/06
OK....lets cut to the chase here my friend.  Laff | 12/06/06
Of course it's more likely  xuniL_z | 12/06/06
Well which OS OSX or OS9 and prior?  Laff | 12/07/06
I clearly stated  xuniL_z | 12/07/06
Apple's invulnerability...  Information_z | 12/06/06
Nope no run of viri for the Mac nor malware in general.  Laff | 12/07/06
yes but...  mtroute@... | 12/07/06
According to Apple their current user base ...  ShadeTree | 12/07/06
Estimate of all Mac users including older OS's like 9 and such.  Laff | 12/07/06
Your  Rick_K | 12/06/06
Huh?  NonZealot | 12/06/06
Not at all.  Rick_K | 12/06/06
Jim brought up Apple  NonZealot | 12/06/06
Your Zealotry has blinded you  Rick_K | 12/06/06
Ok, let's then resort to Apple Zealotry  xuniL_z | 12/06/06
WinZealot  b.d.hi | 12/06/06
WinZealot  b.d.hi | 12/06/06
Why you had to post that twice is beyond me  mdsmedia | 12/07/06
LOL  fuzzy2k | 12/06/06
Really?  NonZealot | 12/06/06
Quick, change the subject  Rick_K | 12/06/06
Which facts?  xuniL_z | 12/06/06
It's not a hatred of Apple....  mdsmedia | 12/07/06
You got it 99% right  NonZealot | 12/07/06
links please?  fuzzy2k | 12/06/06
I always provide links when asked  NonZealot | 12/06/06
It was a windows pc that infected the iPods.  Rick_K | 12/06/06
Rick, I'm glad I've finally made you see the light  NonZealot | 12/06/06
Seriously?  fuzzy2k | 12/06/06
Typical Mac zealot rationalization  NonZealot | 12/06/06
NonZealot  b.d.hi | 12/06/06
NonZealot b  b.d.hi | 12/06/06
Typical Mac zealot...  NonZealot | 12/06/06
Get hardening!  whisperycat | 12/06/06
Great idea!  ejhonda | 12/06/06
New Word zero-day used in attacks  Loverock Davidson | 12/06/06
Are you trying to be funny?  andy88488 | 12/06/06
Oh he's serious  Shelendrea | 12/06/06
Don't be a cynic  critic-at-arms | 12/06/06
The problem with that  xuniL_z | 12/06/06
MS war- NZ would say, started by a Mac PoC,  hirez | 12/06/06
You're right on both counts  critic-at-arms | 12/06/06
You need to spice it up  TripleII | 12/06/06
Oh yeah?  Raymond Danner | 12/06/06
Yeah, limited...  jasonp@... | 12/07/06
Live MS free, or die!  Reverend MacFellow | 12/06/06
It's worse than imagined  xuniL_z | 12/06/06
I find this highly amusing  Shelendrea | 12/06/06
People are the main problem  lfugate@... | 12/06/06
I SOOOOOO AGREE!!!!!!  Jeff Hayes | 12/06/06
No doubt you are correct....  shawkins | 12/06/06
MS and their slow responce times are REAL problem  t3st3r | 12/07/06
Marvel and wonder  mikecepek | 12/06/06
Anyone else notice . . .  critic-at-arms | 12/06/06
I've noticed one other thing  NonZealot | 12/06/06
I wish you were right  critic-at-arms | 12/06/06
No, people don't get hit  NonZealot | 12/06/06
I think you are confusing  fuzzy2k | 12/06/06
Being used in attacks  NonZealot | 12/06/06
I know what FUD is . . .  critic-at-arms | 12/06/06
My thoughts exactly.  Graham Fluet | 12/06/06
NZ is a nutter  hirez | 12/06/06
Isn't that very similar to people sometimes oh say YOU  Laff | 12/06/06
Huh?  NonZealot | 12/06/06
Exactly!!  mdsmedia | 12/07/06
Until someone loses an eye  Yagotta B. Kidding | 12/06/06
Careful, you might make the Mac zealots nervous  NonZealot | 12/06/06
WinZealot atttacks Apple  Rick_K | 12/06/06
You lost the argument before you began  NonZealot | 12/06/06
You lost, you just don't realize it  Rick_K | 12/06/06
Rick, you are HILARIOUS!!  NonZealot | 12/06/06
Don't make me STOP this post and come back there!  Laff | 12/06/06
But HE STARTED IT!!!  NonZealot | 12/06/06
Jim  Rick_K | 12/06/06
Do you?  mdsmedia | 12/07/06
Escuse Me?  Graham Fluet | 12/06/06
Highway 666 was renamed for the politically-correct  critic-at-arms | 12/06/06
Vas you dere, Sharley?  Yagotta B. Kidding | 12/06/06
You're right on both counts  critic-at-arms | 12/06/06
The applicable advisory  peterbk@... | 12/06/06
You get what you deserve  critic-at-arms | 12/06/06
.rtf is at least "open"...  astro_z | 12/06/06
So what makes this a...  Cardinal_Bill | 12/06/06
A Zero-day attack...  Graham Fluet | 12/06/06
Ooopppsss...  Cardinal_Bill | 12/06/06
Not on mac  themacthinker | 12/06/06
Websense attack vectors  Smartchive | 12/06/06
Marketing post by WebSense employee  ejhonda | 12/13/06
NonZealot = WinZealot  b.d.hi | 12/06/06
So poetic I had an infarction! NZ = utube!  hirez | 12/06/06
WZ  fuzzy2k | 12/06/06
You don't get paid for this?  NonZealot | 12/06/06
ready set go.....snoooze  hirez | 12/06/06
HUH IMAGINE THAT  rhowerton@... | 12/06/06
... And we're trusting M$ to make Vista safer WHY???  Mr. Roboto | 12/06/06
Because nobody else has the keys?  Yagotta B. Kidding | 12/06/06
Thank you Microsoft - We will save much money  reit@... | 12/09/06
Stupid is as Stupid does---I like that  texan46 | 12/12/06

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

Meet Doc

  • Here to help you with your Document Management Needs
  • Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
  • To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
  • Produced by
    ZDNet and