Patch/Configuration Management, Vulnerability Management

Exploits target second Microsoft Word flaw found in a week

Microsoft has confirmed a new zero-day vulnerability affecting Word - the second in a week - as well as targeted exploits exploiting the flaw.

Vulnerability tracking firm Secunia said the "extremely critical" flaw, which affects Word 2000, 2002 and 2003 and Word Viewer 2003, is caused by an unspecified error when processing Word documents and can be exploited to compromise a user's system.

The Microsoft Security Response Center team said in a blog post Sunday that it was investigating "very, very limited and targeted" exploits.

According to McAfee, an exploit can occur if victims open a specially crafted Word document through email or on a malicious website.

MessageLabs reported on Sunday that its solution late last week stopped an email attack that attempted to exploit the new vulnerability to steal confidential information from a victim's machine. In a statement, the security firm said three copies of malware were delivered to "very specific people in high-profile organizations" as part of email Word attachments. The malicious documents claimed to contain a discussion about Iran's nuclear program.

Alex Shipp, anti-virus technologist for MessageLabs, told today that these types of attacks are likely to be successful because "no one's looking at Word documents. They're not expecting them (to be malicious). They are transferring Word documents all the time."

Microsoft, meanwhile, continues to investigate a proof-of-concept exploit for another Word flaw revealed last week.

Neither of the two Word bugs is expected to be addressed in Tuesday's monthly security update.

Shipp said Office vulnerabilities should only increase in prevalence.

"Office has a lot of complicated code and it's used by a lot of people, so it's a natural target for the bad guys," he said. "If there's complicated code, there's likely bugs in it, so the bad guys just find and exploit those bugs."

Click here to email Dan Kaplan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.