Wednesday, December 06, 2006

Microsoft Word security threat.

Microsoft has announced on 5th Dec they are investigating a report of zero day attacks on a Microsoft Word vulnerability.

The affected versions are MS word 2000 & 2002 Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.

The system is effected once the Word document that is send through email is opened or if the user opens the document sent through some other means by the attacker.

Websense the security firm says the exploit connects the system to remote sites which has Trojan downloaders to download additional payloads.

Secunia the security firm has given this a extremely critical rating which means people should excercise extreme caution before opening files from untrusted sources or suspicious files or unexpected files from trusted sources.

Microsoft is still investigating the report and will provide a security update through their monthly release process or provide an out-of-cycle security update. Meanwhile it is suggested to excercise caution while opening documents especially the ones that are received through emails.

Related reading:- Yet another vulnerability in Word.