Hackers turn Microsoft Office flaw into full-blown exploit

Microsoft is contending with a new Trojan exploit in its Office collaborative software suite that could allow remote attackers to take over vulnerable computers.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

The exploit takes advantage of a flaw in Microsoft's Jet database engine, which is a lightweight database used in the company's Office software.

Microsoft has known of the potential problem since April but the Trojan now circulating on the internet is the first real exploit of the flaw.

Microsoft says it is aware of the exploit and is considering whether it warrants a separate security patch.

The Trojan is sent to potential victims as a Microsoft Access file. Should this file be run by users, it would give remote attackers control of infected machines, said security software company Symantec.

Secunia, another internet security firm, said the flaw was "highly critical". Secunia said the problem related to a memory handling error when parsing database .mdb files in Microsoft Access.