Microsoft advisory warns exploits targeting newest Word vulnerability

Powered by SC Magazine
 

Microsoft is warning Word users of attackers exploiting a newly discovered - and "extremely critical" - vulnerability.

The software titan released an advisory today for the flaw, warning PC users of limited zero-day attacks.

Microsoft advised caution in opening email attachments and viewing websites, saying that, to infect a PC, an attacker must first dupe a targeted user into opening a malicious Word file.

Alexandra Huft, Microsoft security program manager, said on the Microsoft Security Response Center blog today that her company is aware of "very limited, targeted" attacks attempting to use exploit the flaw.

Microsoft has been criticised for failing to distribute patches for three other Word flaws during recent Patch Tuesday releases.

Secunia, ranked the flaw as "extremely critical," meaning it can be exploited by remote code and exploits are in the wild.

The vulnerability is caused due to an unspecified error when parsing Word documents, according to the vulnerability-reporting clearinghouse. The flaw exists in Word 2000, but other versions may also be affected.

Researchers at Symantec disclosed the flaw, also saying the issue is "extremely critical."

"An attacker could exploit this issue by enticing a victim to open a malicious Word file," according to Symantec. "If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user."

Click here to email Online Editor Frank Washkuch Jr.

 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Do you direct debit customers? Read this
Oct 10, 2014
Authorities have been targeting direct debit practices with iiNet and Dodo receiving formal ...
Optus expands 4G coverage
Oct 10, 2014
If you rely on an Optus phone for work you might be interested to know that there are now 200 ...
Microsoft Office is now free for some charities
Oct 10, 2014
Microsoft has announced that eligible Australian non-profit organisations and charities can now ...
Vodafone lights up 4G in Adelaide
Oct 9, 2014
Live and work in Adelaide? Vodafone has switched on its 4G network in the city and suburbs.
Next year tradies will be able to take payments using ingogo
Oct 3, 2014
Ingogo is going to provide a card payment service for Xero users.
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  25%
TOTAL VOTES: 346

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  58%
 
No
  42%
TOTAL VOTES: 144

Vote