Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Microsoft Word Vulnerability

Security researchers recently uncovered a zero-day vulnerability in Microsoft Word that allows attackers to install a backdoor Trojan horse on the affected computers.

More information on this vulnerability can be obtained from the following links:

Alert Raised for MS Word Zero-Day Attack <,1759,1965042,00.asp>

Microsoft Word Malformed Object Code Execution Vulnerability <>

Microsoft Security Advisory (919637): Vulnerability in Word Could Allow Remote Code Execution <>

SecuriTeam Blogs: Mitigating Newly-Reported Word Vulnerability <>

As described in the above articles, there are a number of ways to protect yourself against this vulnerability:

  • Don’t log in with administrative privileges. The exploit fails to work if the user doesn’t have administrative privileges.

  • Use an older version of Microsoft Office. The vulnerability only affects Word 2002/XP and Word 2003. Users of Word 2000 and earlier are apparently not affected.

  • Use the Word Viewer to view documents, as the Viewer is not affected by this vulnerability.

Anti-virus vendors are updating their signatures to try to catch this, but I wouldn’t rely solely upon anti-virus to protect against this vulnerability. A patch has not yet been released from Microsoft, which anticipates releasing a patch for this issue in June.

Metadata and Navigation

Be social and share this post!