Scott's Weblog The weblog of an IT pro specializing in cloud computing, virtualization, and networking, all with an open source view

Microsoft Word Vulnerability

Security researchers recently uncovered a zero-day vulnerability in Microsoft Word that allows attackers to install a backdoor Trojan horse on affected computers.

More information on this vulnerability can be obtained from the following links:

Alert Raised for MS Word Zero-Day Attack <http://www.eweek.com/article2/0,1759,1965042,00.asp>

Microsoft Word Malformed Object Code Execution Vulnerability <http://secunia.com/advisories/20153/>

Microsoft Security Advisory (919637): Vulnerability in Word Could Allow Remote Code Execution <http://www.microsoft.com/technet/security/advisory/919637.mspx>

SecuriTeam Blogs: Mitigating Newly-Reported Word Vulnerability <http://blogs.securiteam.com/index.php/archives/421>

As described in the above articles, there are a number of ways to protect yourself against this vulnerability:

  • Don’t log in with administrative privileges. The exploit fails to work if the user doesn’t have administrative privileges.

  • Use an older version of Microsoft Office. The vulnerability only affects Word 2002/XP and Word 2003. Users of Word 2000 and earlier are apparently not affected.

  • Use the Word Viewer to view documents, as the Viewer is not affected by this vulnerability.

Anti-virus vendors are updating their signatures to try to catch this, but I wouldn’t rely solely upon anti-virus to protect against this vulnerability. Microsoft has not yet released a patch, but anticipates releasing one for this issue in June.
