Trojan targets unpatched Word flaw (again)
PrintDouble trouble
Posted in Software & Security, 11th December 2006 12:17 GMT
Free whitepaper – Managing desktop software for fun and profit
Microsoft has warned of another unpatched vulnerability in Word. The unspecified code execution flaw means hackers can load malware onto targeted machines providing users are tricked into opening maliciously constructed Word files.
The latest vulnerability in Microsoft's ubiquitous Office application software follows the discovery of a similar - also unpatched - memory corruption bug in Word last week. That flaw affected Mac as well as Windows versions of Word, whereas "this week's bug" is limited to Word 2000, 2002, 2003, and Word Viewer 2003. Both flaws are being exploited in low-intensity Trojan attacks.
As a result of these attacks, Microsoft advises users "not [to] open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources". This a pretty strict injunction - which labels the common practice of sending document files by email as inadvisable - at least until Microsoft releases patches to address the flaws.
Unfortunately, Microsoft confirmed last week that this will not happen on its next Patch Tuesday, 12 December, which will see five security patches for Windows (at least one of which is critical) but no Office updates. Word users are unlikely to see a patch until the new year. ®
Free whitepaper – Straight Talk with Dell: Sending out an SaaS
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Dell PowerEdge M710 with Dell EqualLogic storage vs. HP ProLiant BL685c with HP StorageWorks EVA 4400
Seven ways to optimize VMware server virtualization
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs