New Microsoft Word bug targeted by Trojans

Hackers are targeting another unpatched flaw in Microsoft’s Word software, along with last week’s still-open vulnerability, which the vendor will not patch with tomorrow’s releases.

  • E-Mail
By  Eliot Beer Published  December 11, 2006

Hackers are targeting another unpatched flaw in Microsoft’s Word software, along with last week’s still-open vulnerability, which the vendor will not patch with tomorrow’s releases. The new bug affects Windows versions of the Word office software, including versions 2000-2003, and Word Viewer 2003. It does not affect Mac versions, unlike the previous vulnerability, nor the new Word 2007. The flaw is another memory control bug, according to researchers at the Microsoft Security Response Center (MSRC), who have confirmed it is a separate problem from last week’s bug announcement (see here). “From the initial reports and investigation we can confirm that the vulnerability is being exploited on a very, very limited and targeted basis,” said Scott Deacon of the MSRC, in the organisation’s blog. This means there are a very limited number of Trojans taking advantage of the flaw, and there is not a widespread exploit in the wild at this time. Microsoft’s advice for users with affected versions remains the same as the previous incident: “Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file.” This news comes one day before Microsoft’s regular Patch Tuesday round of updates. The vendor had already confirmed it will not be patching the earlier bug in this month’s releases; no security updates for Microsoft Word or Office are listed on its advisory bulletin ahead of Tuesday’s release.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code