The attacks use specially crafted Word files to target a vulnerability in Microsoft's Jet DB, a database component used in the productivity suite.
The company issued an advisory outlining the attacks, which were classified as "very limited" and aimed at specific targets.
McAfee researcher Craig Schmugar suggested in a blog posting that the attacks could indicate a shift in strategy.
Attackers have typically exploited Microsoft Jet DB vulnerabilities through MDB files, and Microsoft has always stuck to its MDB files are unsafe story, wrote Schmugar. "Well that has changed," he added.
Microsoft said that Windows Vista and the recent Service Pack 1 upgrade are not vulnerable to the buffer overflow used in the attack. The Service Pack 2 version of Office 2003 is also immune.
The company is investigating the attacks, and has not yet decided whether to patch the flaw immediately or wait until next month's scheduled security update. Microsoft has advised users not to open files from untrusted sources.
The vulnerability allows an attacker to access the system with the rights of the current user, and Microsoft said that administrators can minimise this risk by putting controls on non-administrator accounts.
Microsoft warns of new Office attack
By Shaun Nichols on Mar 26, 2008 7:00AM