On The Insider: Paula Abdul to "Judge" on New Show
BNET Business Network:
BNET
TechRepublic
ZDNet
51 TalkBacks

By Joris Evers
Posted on ZDNet News: Jan 25, 2007 11:57:00 PM

Watch out for malicious Word documents.

Another previously undocumented, yet-to-be-patched security vulnerability in Microsoft Word is actively being exploited in cyberattacks, Microsoft said Thursday.

The vulnerability is the fourth zero-day vulnerability to arise in the Microsoft application in two months. Microsoft hasn't provided patches for any of the flaws, despite acknowledging that the holes are being used in attacks on its customers.

"There have been very limited attacks reported that are attempting to use the reported vulnerability at this time," a Microsoft representative said Thursday in a statement about the latest problem. The company is investigating this latest report and may issue a patch, if needed, the representative said.

The newest problem allows an attacker to hijack systems running Word 2000 and causes a crash of Word 2003 and Word XP, Symantec said in an alert Thursday. "An attacker could exploit this issue by enticing a victim to open a malicious Word file," the Cupertino, Calif.-based security company said.

Security experts have said the limited-scale attacks are the most dangerous. Widespread worms, viruses or Trojan horses sent to millions of mailboxes are typically not a grave concern because they can be blocked. Instead, especially for businesses, targeted Trojan horses have become nightmares, as they can fly under the radar.

Symantec advises people to make sure their security software is up-to-date and urges caution when opening Word documents. Businesses should put policies in place to prevent Word documents from being distributed to users, Symantec said.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 51 Talkback(s)
"ZERO-DAY" IS MEANINGLESS
Enough with this stupid moniker. Whatever ZDNet means by this can be said using REAL TERMS.

Trying to be all "leet" by making up terms? How's this for elite: Go to journalism school and learn to write properly before you embarrass your company.... (Read the rest)
Posted by: dgurney Posted on: 01/31/07 You are currently: a Guest | | Terms of Use
openoffice here  galileon | 01/25/07
umm, no....  EJHonda | 01/26/07
Where's the risk?  SpikeyMike | 01/26/07
Thanks!  mike_corum@... | 01/26/07
Space to improuve.  preferatele12@... | 01/26/07
kOffice  Boot_Agnostic | 01/26/07
AbiWord also seems very good.  slim-01 | 01/26/07
What is Symantec thinking?  DangDaCommonCentz | 01/26/07
Distribute OOo ODTs instead?  Logics | 01/26/07
Oh, I dunno  Jambalaya Breath | 01/27/07
Oh, I dunno  Jambalaya Breath | 01/27/07
Another Word zero-day bug used in attacks  Loverock Davidson | 01/26/07
Another hopeless atempt to spin un-fitness for purpose positively  whisperycat | 01/26/07
Speaking of spinning  Loverock Davidson | 01/26/07
Actually....  Zeppo9191 | 01/26/07
How do you explain this then Lovey?  Shelendrea | 01/26/07
Easy  Loverock Davidson | 01/26/07
And YET the attacks ARE Happening (nt)  mdsmedia | 01/26/07
Okay, now . . .  critic-at-arms | 01/26/07
If Loverock is paid for what he says here Microsoft is getting ripped off.  slim-01 | 01/26/07
Ok now...  Loverock Davidson | 01/26/07
Not a POSSIBLE EXPLOIT....AN EXPLOIT  mdsmedia | 01/26/07
Ahh, but...  Zeppo9191 | 01/26/07
And his stretching MS's brush off  mdsmedia | 01/27/07
Anyone with smarts...  SpikeyMike | 01/26/07
First I didn't name call in that post. I sometimes do but only to the  slim-01 | 01/28/07
You need to compare Limited Attacks in Word & No Know Attack in OpenOffice  slim-01 | 01/26/07
Spoken like a true Microsoft Evangelist!  Zeppo9191 | 01/26/07
Just not MSFT's week  Chad_z | 01/26/07
Did you notice . . .  critic-at-arms | 01/26/07
It's never  Jambalaya Breath | 01/27/07
Hmm... Maybe migration is in order?  thetargos | 01/26/07
StarOffice? The Suite?  critic-at-arms | 01/26/07
Where's No_Ax?  critic-at-arms | 01/26/07
I replaced GoToMyPC...  Logics | 01/26/07
That's OK we have Loverock. He & No_Axe are both MS lovechilds.  slim-01 | 01/26/07
Double Click in ZDNet Forum  me@... | 01/26/07
I don't have that problem  mdsmedia | 01/27/07
and this is news?  bblackmoor@... | 01/26/07
people should know better by now...  GrizzledGeezer | 01/26/07
You're right, as far as that goes . . .  critic-at-arms | 01/26/07
True. I have watch the Controller who was in charge of the network & PCs  slim-01 | 01/26/07
So instead of patching the software...  Logics | 01/26/07
Why do you hate Microsoft so much?  MacCanuck | 01/26/07
It's a convicted abusive mono0poly?  epcraig | 01/26/07
its sad  corticus | 01/26/07
Sadder yet,...  Logics | 01/26/07
Oh sure!!  mdsmedia | 01/27/07
HOW CAN COMPUTERS BE SO VULNERABLE?  BALTHOR | 01/26/07
A Microsoft flaw isn't a flaw until...  bidemytime | 01/26/07
"ZERO-DAY" IS MEANINGLESS  dgurney | 01/31/07

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads