News

Microsoft hit by new Word security flaw

Microsoft has confirmed a new security vulnerability in Microsoft Word, just days after it patched a number of other Office vulnerabilities as part of its monthly patching cycle.

There is no patch for the latest vulnerability, and there are suggestions that attackers are waiting for Microsoft to release its monthly patches before taking advantage of new flaws.

The vulnerability appears in both the Microsoft Office 2000 and Microsoft Office XP productivity suites, and Microsoft says attackers have reportedly already carried out “limited targeted attacks” using the vulnerability.

Internet security software firm Secunia said the vulnerability is caused due to an unspecified error when parsing Word documents and can be exploited to cause memory corruption.

Successful exploitation also allows execution of arbitrary code, said Secunia, which classed the flaw as “highly critical”, as it was already being exploited.

In order for this attack to be carried out, said Microsoft, a user must first open a malicious Office file attached to an e-mail.

Microsoft has added detection to its own Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit the vulnerability.

The majority of web users though will have to wait for Microsoft to provide a patch for the threat, unless different security software suppliers speedily add their own updated scanning engine protection. 

Microsoft said it would consider issuing a security patch for the flaw as part of its monthly schedule or sooner. The next scheduled patching date is 13 March.

Microsoft patch release is Vista-free

David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security

Stuart King’s risk management blog
Dealing with the operational challenges of information security and risk management

Comment on this article: computer.weekly@rbi.co.uk


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy