Microsoft is advising users to run its Word
word-processing application in “safe” mode to limit the threat from
a recently discovered security flaw in the software.
Running Word in the safe mode will help to block known modes of
attack, although it will not fix the vulnerability, admits
Microsoft.
The company is planning to release an official fix for the flaw
by 13 June, which is the date of its next monthly security patching
day.
To run Word in safe mode, users have to disable Word as an
e-mail client and add the “/safe” appendage to the command line
that starts up Word. Instructions to do this have been issued by
Microsoft in an advisory.
To become open to attack a user must open a malicious Word
document sent in an e-mail attachment. The Word vulnerability
potentially allows remote attackers to take over a user’s
machine.
As users wait for a fix to the problem, an independent security
researcher has made available unofficial code to make it easier for
users to run Word in safe mode.
Matthew Murray has issued the code via his SecuriTeam blog. The
independent code is not endorsed by Microsoft, which has warned
that it could change the way other Microsoft apps work.