Third zero-day found in Microsoft Word
For the third time in a week, a zero-day flaw has been found in Microsoft Word. Users should be cautious when opening attachments from unknown sources.
Users have another reason to be careful when opening Word attachments sent by email: A researcher has discovered yet another zero-day flaw in the program.
 |
||||
|
|
|||
|
||||
The latest flaw, discovered by a researcher who calls himself "Disco Jonny," is the third Word zero-day found in the past week.
The French Security Incident Response Team (FrSIRT) rated the flaw critical in an advisory Thursday, describing the problem as a memory corruption error that surfaces when malformed documents are handled.
Attackers could exploit the flaw to run malicious commands on a targeted machine by tricking the user into opening a specially crafted Word document.
Disco Jonny included a proof-of-concept exploit in his online analysis.
Microsoft said it is investigating the flaw report. "Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers," a company spokesman said by email. "This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."
In the meantime, various security organizations are advising people to be cautious when opening email attachments from unknown sources.
Cupertino, Calif.-based antivirus giant Symantec Corp. also emailed customers of its DeepSight threat management service a list of recommended best practices to combat the threat.
The vendor suggested that users:
- Deploy network intrusion detection systems to monitor network traffic for malicious activity.
- Not accept or execute files from untrusted or unknown sources.
- Not follow links provided by unknown or untrusted sources.
- Implement multiple redundant layers of security.
