Microsoft released an advisory Wednesday of exploits actively targeting a zero-day vulnerability in Word.
Microsoft warned users to practice extreme caution when opening Office attachments.
The Redmond, Wash.-based corporation is aware of "limited, targeted attacks" against Word using a flaw in Word 2000 and Office XP, according to Microsoft’s advisory.
In order for an attack to be carried out, a user must open a malicious Office file attached to an email or posted on a website, according to a Microsoft spokesman.
The vulnerability exists in Office versions 2000 and XP and Word versions 2000 and 2002, according to Secunia, which ranked the flaw as "extremely critical," meaning it can be exploited for remote access and exploits are in the wild.
The flaw is caused due to an unspecified error in the parsing of Word documents, according to the Danish vulnerability clearinghouse.
US-CERT advised Office users to disable automatic opening of Microsoft Office documents, not rely on file name extension filtering and exercise caution opening Word documents.
The other outstanding Word exploit, some dating back to early December, were patched in Tuesday's security update.
Click here to email Online Editor Frank Washkuch.