Third zero-day found in Microsoft Word

For the third time in a week, a zero-day flaw has been found in Microsoft Word. Users should be cautious when opening attachments from unknown sources.

Users have another reason to be careful when opening Word attachments sent by email: A researcher has discovered yet another zero-day flaw in the program.

Zero day news:
Dec. 11: Microsoft suffers third zero-day in a week

Dec. 7: Zero-day flaw found in Windows Media Player

Dec. 6: New zero-day affects Microsoft Word

Nov. 6: Microsoft eyes second zero-day threat in a week

Nov. 1: Zero-day attacks target Microsoft Visual Studio

Sept. 19: Zero-day attack targets IE

July 18: Microsoft plans PowerPoint zero-day patch

Jun. 16: Microsoft Excel zero-day flaw discovered

May 19: Zero-day threat targets Microsoft Word

The latest flaw, discovered by a researcher who calls himself "Disco Jonny," is the third Word zero-day found in the past week.

The French Security Incident Response Team (FrSIRT) rated the flaw critical in an advisory Thursday, describing the problem as a memory corruption error that surfaces when malformed documents are handled.

Attackers could exploit the flaw to run malicious commands on a targeted machine by tricking the user into opening a specially crafted Word document.

Disco Jonny included a proof-of-concept exploit in his online analysis.

Microsoft said it is investigating the flaw report. "Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers," a company spokesman said by email. "This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."

In the meantime, various security organizations are advising people to be cautious when opening email attachments from unknown sources.

Cupertino, Calif.-based antivirus giant Symantec Corp. also emailed customers of its DeepSight threat management service a list of recommended best practices to combat the threat.

The vendor suggested that users:

  • Deploy network intrusion detection systems to monitor network traffic for malicious activity.
  • Not accept or execute files from untrusted or unknown sources.
  • Not follow links provided by unknown or untrusted sources.
  • Implement multiple redundant layers of security.

Read more on Operating systems software