Microsoft says Word 2000 flaw is limited to DoS attacks

Powered by SC Magazine
 

A newly reported vulnerability in Word is limited to DoS attacks and does not allow remote code execution, according to Microsoft.

"Denial of service is clearly not as critical as other recent issues," McAfee Avert Labs researcher Craig Schmugar said in a Friday blog post. "Looks like this targeted attack was flawed."

Still, with the latest bug, the total number of unpatched Word vulnerabilities has reached at least five. And on Feb. 2, Microsoft reported a zero-day exploit targeting Excel but potentially affecting other Office components.

This high number of outstanding flaws may change with today’s scheduled monthly security update, in which the software giant is expected to release a record dozen fixes, including two critical Office patches.

Many security experts have predicted Microsoft would release out-of-cycle fixes for the Word flaws since December. But Microsoft, which has only ever released two out-of-band patches, has held off.

Click here to email reporter Dan Kaplan.

 
 
 
Top Stories
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Images: the next frontier in data analytics?
Barclay’s global data chief says we’re still at the starting line.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Do you direct debit customers? Read this
Oct 10, 2014
Authorities have been targeting direct debit practices with iiNet and Dodo receiving formal ...
Optus expands 4G coverage
Oct 10, 2014
If you rely on an Optus phone for work you might be interested to know that there are now 200 ...
Microsoft Office is now free for some charities
Oct 10, 2014
Microsoft has announced that eligible Australian non-profit organisations and charities can now ...
Vodafone lights up 4G in Adelaide
Oct 9, 2014
Live and work in Adelaide? Vodafone has switched on its 4G network in the city and suburbs.
Next year tradies will be able to take payments using ingogo
Oct 3, 2014
Ingogo is going to provide a card payment service for Xero users.
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  26%
TOTAL VOTES: 414

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  55%
 
No
  45%
TOTAL VOTES: 194

Vote