Microsoft says Word 2000 flaw is limited to DoS attacks

Powered by SC Magazine
 

A newly reported vulnerability in Word is limited to DoS attacks and does not allow remote code execution, according to Microsoft.

"Denial of service is clearly not as critical as other recent issues," McAfee Avert Labs researcher Craig Schmugar said in a Friday blog post. "Looks like this targeted attack was flawed."

Still, with the latest bug, the total number of unpatched Word vulnerabilities has reached at least five. And on Feb. 2, Microsoft reported a zero-day exploit targeting Excel but potentially affecting other Office components.

This high number of outstanding flaws may change with today’s scheduled monthly security update, in which the software giant is expected to release a record dozen fixes, including two critical Office patches.

Many security experts have predicted Microsoft would release out-of-cycle fixes for the Word flaws since December. But Microsoft, which has only ever released two out-of-band patches, has held off.

Click here to email reporter Dan Kaplan.

 
 
 
Top Stories
NSW to build its own myGov
Service NSW digital profiles available by September.
 
Australia's leaders agree to end GST-free online goods
Gerry Harvey may finally get his way.
 
What to expect from Abbott's national cyber security strategy
Key policy architect reveals focus of new document.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Microsoft reveals Microsoft Send, a new enterprise chat app to rival Slack
Jul 27, 2015
Microsoft Send is MSN Messenger for grownups, and you could be using it at work very soon
Developers offered $500,000 grants to find HoloLens uses
Jul 8, 2015
Can augmented-reality end up in business?
Microsoft Tossup: The planning app for unorganised groups of friends
Jul 8, 2015
App allows friends to research venues, vote on plans and chat. And depending on how you run your ...
Windows 10 drops 29 July... but only for some
Jul 6, 2015
If you've reserved your copy of Windows 10 and are keenly awaiting its 29 July release, don't ...
Xerocon is heading to Melbourne!
Jul 1, 2015
We're not saying Xero is our FAVOURITE or anything, but Xero's 2015 Xerocon conference is being ...
Latest Comments
Polls
Should law enforcement be able to buy and use exploits?



   |   View results
Yes
  13%
 
No
  51%
 
Only in special circumstances
  17%
 
Yes, but with more transparency
  18%
TOTAL VOTES: 676

Vote