Scott's Weblog The weblog of an IT pro specializing in cloud computing, virtualization, and networking, all with an open source view

New Zero-Day Word Vulnerability

This new zero-day vulnerability has only been confirmed on Word 2000, but may also work on newer versions of Word as well. Security firm Secunia has issued an advisory with more information. eWeek is also providing information on the newly discovered vulnerability.

Fortunately, anti-virus vendors are on top of this one; Symantec already has information on the malicious software that is being installed by the exploit of this vulnerability. The threat factor posed by this malware is fairly low, but could rise if this vulnerability continues to be exploited actively.

To protect yourself, there are only a few things you can do:

  • Don’t open untrusted documents. If you weren’t expecting the Word document from a known colleague, it may be best to not open that attachment.

  • Keep anti-virus signatures up to date.

  • Switch to OpenOffice.org. (Hey, don’t laugh.)

Education is important in larger organizations, so spread the word. Somehow I doubt that your organization is interested in having its proprietary and confidential data compromised because someone wanted to open a Word document from unknown sender.

Metadata and Navigation

Be social and share this post!