TechTarget

Microsoft hit by new Word security flaw

Microsoft has confirmed a new security vulnerability in Microsoft Word, just days after it patched a number of other Office vulnerabilities as part of its monthly patching cycle.

Microsoft has confirmed a new security vulnerability in Microsoft Word, just days after it patched a number of...

other Office vulnerabilities as part of its monthly patching cycle.

There is no patch for the latest vulnerability, and there are suggestions that attackers are waiting for Microsoft to release its monthly patches before taking advantage of new flaws.

The vulnerability appears in both the Microsoft Office 2000 and Microsoft Office XP productivity suites, and Microsoft says attackers have reportedly already carried out “limited targeted attacks” using the vulnerability.

Internet security software firm Secunia said the vulnerability is caused due to an unspecified error when parsing Word documents and can be exploited to cause memory corruption.

Successful exploitation also allows execution of arbitrary code, said Secunia, which classed the flaw as “highly critical”, as it was already being exploited.

In order for this attack to be carried out, said Microsoft, a user must first open a malicious Office file attached to an e-mail.

Microsoft has added detection to its own Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit the vulnerability.

The majority of web users though will have to wait for Microsoft to provide a patch for the threat, unless different security software suppliers speedily add their own updated scanning engine protection. 

Microsoft said it would consider issuing a security patch for the flaw as part of its monthly schedule or sooner. The next scheduled patching date is 13 March.

Microsoft patch release is Vista-free

David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security

Stuart King’s risk management blog
Dealing with the operational challenges of information security and risk management

Comment on this article: computer.weekly@rbi.co.uk

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close