
Exploit for patched Microsoft Word flaw hits the wild


Virus writers are actively exploiting a memory corruption vulnerability in Microsoft Word that was patched on Tuesday, researchers said today.

The flaw, which, according to Microsoft, was being exploited in targeted attacks prior to Tuesday's fix, is rated "extremely critical" by vulnerability tracking firm Secunia. It affects Microsoft Office 2000, Office XP and Office 2004 for Mac.

PCs can be compromised if they open a specially crafted Office file that contains an exploit, according to the Secunia advisory. The exploit drops a trojan, dubbed Mdropper.Z by Symantec.

Alfred Huger, vice president of engineering at Symantec Security Response, told today that this scenario is nothing new. Once attackers realize their discovery has been patched, they either start spreading the attack in a widespread manner or sell the exploit code to interested buyers.

Word is an attractive target, he said.

"It has a tremendously large user base," Huger said. "We normally see any user application that has a large footprint like this is going to be targeted first (after Patch Tuesday)."

Symantec researchers have only received one in-the-wild attack submission from a customer, but they believe the exploit is being heavily distributed.

Users should be wary of opening files from untrusted sources, as well as unexpected attachments from trusted sources.

Microsoft is investigating reports of malware exploiting the patched vulnerability, a company spokesman told today in an email.
