Hackers exploit Word vulnerability

News

Hackers exploit Word vulnerability

Both Symantec and security researchers have claimed hackers are exploiting an unpatched vulnerability in Microsoft Word that could allow them to take control of a victim's computer.

The zero-day vulnerability is the latest in a string affecting Microsoft's Word 2000 software that has yet to be patched, and is said to affect most versions of Windows running Word.

Danish security firm Secunia also reported the vulnerability, and rated it as "extremely critical”.

The attack comes via an infected Word document, which, if opened, installs a Trojan called Trojan.Mdropper.W, onto the computer. The Trojan also puts other files on a computer that enable a hacker to control it.

Microsoft recently released three sets of critical patches – for Outlook, PowerPoint and Windows – but not for Word.

The best way of avoiding the Trojan is to delete e-mails containing unexpected Word documents. However, Word documents are ubiquitous, and there is always an unsuspecting victim somewhere.

Meanwhile Microsoft is expected to use this week’s RSA conference to announce a new web technology to combat phishing. It plans to announce that a number of websites have gone through a new certification process designed to make it harder for phishers to spoof them.

The process reportedly gives third-party certification authorities like VeriSign and Entrust a more stringent set of guidelines to follow when they are authenticating websites.

Another new technology to combat phishing? I think we’ve heard that before. It didn’t stop phishing before, and I doubt it will this time either.

Read David Lacey’s security blog

Read Stuart King’s risk management blog

Comment on this article: computer.weekly@rbi.co.uk


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy