Users of Microsoft Word have been left in the cold after a critical flaw in the ubiquitous Office programme was left unpatched by Microsoft.

Despite widespread reports of the “extremely critical” zero-day exploit,the September patch issue only contained three fixes, none of whichcovered the issue.

“It could be another month before the patch becomes available,” warnedAlan Bentley, managing director of PatchLink EMEA (pictured, above).”There have not been any widespread attacks on this exploit yet, but atleast forewarned is forearmed.”

Security company Symantec said it detected an exploit, which affectssystems running Windows 2000, in the shape of Trojan MDropper.Q.

This uses a two-step attack, exploiting the Microsoft Word vulnerabilityto drop another file, a new variant of Backdoor.Femo. “Microsoft Officevulnerabilities are a great platform for social engineering andemail-based attacks,” a Symantec security advisory reads. “Until avendor-supplied patch is made available and then installed, users shouldfollow safe computing practices and exercise extreme caution.”