Thursday, December 07, 2006
Microsoft issues Word attack alert
On Tuesday, December 5, Microsoft posted a security advisory about an important vulnerability in Word that is being used in zero-day attacks. Apparently the flaw can be exploited when a user simply opens a rigged document. Word versions that are affected by this vulnerability include Word 2000, 2002, and 2003. Also at risk are people using Word Viewer 2003, Word 2004 for Mac, and Microsoft Works 2004-2006.
You can add a small measure of protection by using the Office Document Open Confirmation Tool for Office 2000 (I'm not sure about compatibility with later versions or Word 2007). That utility prompts you to Open, Save, or Cancel when a file is opened (which gives you a moment to think about whether you really need to open that attachment).
No word yet on when a patch will be available for this. We hope soon. In the meantime, Microsoft is suggesting that Word users "not open or save Word files," which seems a bit impossible for those of us who work in Word all day. At the very least, take extra care with any attachments you do open—and be sure not to open any unexpected, unsolicited attachments.
Not familiar with the term "zero-day attack"? Click here to read what Wikipedia has to say about it.
Subscribe to Posts [Atom]