Patch/Configuration Management, Vulnerability Management

Attackers aim for Microsoft Word flaw

Microsoft this week warned Office users that attackers are exploiting a zero-day flaw in Microsoft Word.

In an advisory issued Tuesday, Microsoft reported that an attacker could attach a specially-crafted Word document to an email or infect a PC via a malicious website containing such a document.

Microsoft Office flaws, many exploited just after Patch Tuesday, have become common in recent months.

The just-discovered flaw exists in Word versions 2000, 2002, 2003, Word Viewer 2003, Word 2004 for Mac, Word 2004 X for Mac, and Microsoft Works versions 2004, 2005 and 2006.

The vulnerability, rated "extremely critical," is caused by an unspecified error in the handling of Word documents and can be exploited to cause memory corruption, according to vulnerability monitoring clearinghouse Secunia.

The Redmond, Wash. company advised users to practice extreme caution when opening Word documents attached to email.

Microsoft is investigating reports of a proof-of-concept exploit for the flaw, according to a post written today by researcher Alexandra Huft on the Microsoft Security Response Center blog.

Click here to email Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.