Users warned on third MS Word flaw in two weeks

Researchers have exposed a third serious unpatched flaw in Microsoft Word – the third in two weeks – and are warning users to take extra care when opening unknown Word files.

  • E-Mail
By  Eliot Beer Published  December 15, 2006

Researchers have exposed a third serious unpatched flaw in Microsoft Word, and are warning users to take extra care when opening unknown Word files. The vulnerability is the third one to come to light in less than two weeks (see here and here for information on previous flaws). The latest bug also has the potential to allow hackers to gain control of a machine through a maliciously-crafted Word document. At the time of writing, it is unclear which versions of Word are affected by this latest vulnerability. The previous flaws have affected all versions since Word 2000 – the first vulnerability revealed this month also affected Word for Apple Macs. The United States Computer Emergency Readiness Team (US-CERT) issued the following advice: “Do not open unfamiliar or unexpected Word or other Office documents, particularly those hosted on web sites or delivered as email attachments. “Do not rely on file name extension filtering: in most cases, Windows will call Word to open a document even if the document has an unknown file extension,” added the security advice. The full advisory notice is here. Microsoft has not yet advised users when it will issue updates for the three latest vulnerabilities. Users should ensure Automatic Updates are switched on in Windows XP, or regularly check the Microsoft Update site (http://update.microsoft.com).

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code