Microsoft released an advisory Monday for the recently reported MS Word vulnerability that could open up affected PCs to remote code execution.
The Redmond, Wash., computing giant did not, however, hint at whether it would release an early patch for the flaw before the next scheduled Patch Tuesday release on June 9.
The company said it was getting reports of only limited zero-day attacks on affected systems running Word XP and Word 2003. For the attacks to be carried out, users must first open malicious documents attached to an email, according to Microsoft.
"The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the June security updates on June 13, or sooner as warranted," according to Microsoft’s advisory.
The company also noted that it was concerned the vulnerability was not disclosed properly.
Symantec warned PC users last week about activity surrounding the flaw, including malicious PowerPoint slides and Excel charts, a trojan called Backdoor.Ginwui and a malicious Word document called Trojan.Mdropper.H.
Microsoft recommended that users not open or save Word files from untrusted sources and always use Word in Safe Mode.
In a security bulletin also released on Monday, eEye Digital Security said attacks have been carefully crafted so far.
"It should be noted that these attacks are currently extremely targeted. Across various organizations, only a small handful of systems have been attacked," said the advisory. "These emails were at least somewhat hand crafted for the people targeted for the attack. Administrative privileges are required for the code to operate properly, although administrative privileges are not required for the security vulnerability itself."
The SANS Institute’s Internet Storm Center pointed out inconsistencies between the two advisories.
Microsoft said the flaw affected Word 2002 and XP, while Word 2000 is not vulnerable. eEye said the flaw affects Word 2000 as well as the two other OSs, adding that the second version of this exploit affects all three versions of the program, according to the Internet Storm Center.