Patch/Configuration Management, Vulnerability Management

Another Microsoft Word zero-day flaw found


Another Microsoft Word zero-day vulnerability has been discovered - the fourth in two months.

The flaw can be exploited by hackers to execute arbitrary code and compromise computers through Word 2000 and 2003 and Windows XP, according to security experts at Symantec, who rated the problem "extremely critical."

"An attacker could exploit this issue by enticing a victim to open a malicious Word file," the anti-virus firm said in an advisory. "If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user."

The Redmond, Wash. software giant is yet to patch any of the Word vulnerabilities found over the past couple of months and is unlikely to provide a solution before Feb. 13, when the company is set to issue its monthly updates.

"There have been very limited attacks reported that are attempting to use the vulnerability at this time," a Microsoft spokesperson said in a statement. "Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.