Microsoft advisory warns exploits targeting newest Word vulnerability

By

Microsoft is warning Word users of attackers exploiting a newly discovered - and "extremely critical" - vulnerability.


The software titan released an advisory today for the flaw, warning PC users of limited zero-day attacks.

Microsoft advised caution in opening email attachments and viewing websites, saying that, to infect a PC, an attacker must first dupe a targeted user into opening a malicious Word file.

Alexandra Huft, Microsoft security program manager, said on the Microsoft Security Response Center blog today that her company is aware of "very limited, targeted" attacks attempting to use exploit the flaw.

Microsoft has been criticised for failing to distribute patches for three other Word flaws during recent Patch Tuesday releases.

Secunia, ranked the flaw as "extremely critical," meaning it can be exploited by remote code and exploits are in the wild.

The vulnerability is caused due to an unspecified error when parsing Word documents, according to the vulnerability-reporting clearinghouse. The flaw exists in Word 2000, but other versions may also be affected.

Researchers at Symantec disclosed the flaw, also saying the issue is "extremely critical."

"An attacker could exploit this issue by enticing a victim to open a malicious Word file," according to Symantec. "If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user."

Click here to email Online Editor Frank Washkuch Jr.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
advisoryexploitsmicrosoftnewestsecuritytargetingvulnerabilitywarnsword

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?