Microsoft is advising users to run its Word word-processing application in “safe” mode to limit the threat from a recently discovered security flaw in the software.
Running Word in the safe mode will help to block known modes of attack, although it will not fix the vulnerability, admits Microsoft.
The company is planning to release an official fix for the flaw by 13 June, which is the date of its next monthly security patching day.
To run Word in safe mode, users have to disable Word as an e-mail client and add the “/safe” appendage to the command line that starts up Word. Instructions to do this have been issued by Microsoft in an advisory.
To become open to attack a user must open a malicious Word document sent in an e-mail attachment. The Word vulnerability potentially allows remote attackers to take over a user’s machine.
As users wait for a fix to the problem, an independent security researcher has made available unofficial code to make it easier for users to run Word in safe mode.
Matthew Murray has issued the code via his SecuriTeam blog. The independent code is not endorsed by Microsoft, which has warned that it could change the way other Microsoft apps work.