Web Design Brisbane - Raycon Web Design Brisbane - Raycon

Articles

View full article list

Microsoft Word Zero Day Vulnerability

Mark Edwards
11-12-2006

A new, and currently unpatched vulnerability in Microsoft Word exposes computer users to hackers.



Symantec believes that an outbreak exploiting this weakness is imminent as hackers move to expoloit it before Microsoft releases a patch.



Zero-day flaws are ones for which no patch exists.



Microsoft is readying a security update for Word that repairs this vulnerability. The fix is scheduled to be released as part of the June 13 security updates, or sooner, if warranted.



The malicious software arrives as a Microsoft Word file attachment to an e-mail message. When the document is opened by the user, the vulnerability is triggered. In the one recorded instance, a Japanese case, the Word document actually displayed some text related to a treaty with China, but while the text was displayed, a backdoor was installed on the system. Backdoor software allows intruders to enter computers without the user's knowledge.



The backdoor software then alerts its masters by pinging an IP address located in Asia to let them know it has been successful and is awaiting commands.



Exploitation of the security hole so far is only known as part of a single, targeted attack, however, with the disclosure of this previously unknown vulnerability, new attackers may begin to exploit it in a widespread manner.



The targeted attack can bypass spam filters, and Symantec's antivirus software doesn't yet detect the particular Word file as malicious.



Microsoft and Symantec urge caution in the opening of Word documents received as an unexpected e-mail attachment.









From Microsoft:



Microsoft is investigating a new report of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.



In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.



As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.



The full information:

www.microsoft.com/technet/security/advisory/929433.mspx

View full article list