Microsoft Warns of New Word Attack
Microsoft has warned of a serious and as-yet-unpatched vulnerability in Microsoft Word that can allow malicious hackers to compromise computers remotely. According to the latest reports, hackers are actively exploiting the zero-day flaw.
Microsoft said the memory-corruption error in the software was discovered from the limited number of attacks that are already exploiting it.
The flaw affects many versions of Word, including Word 2000, Word 2002, Word 2003, Word Viewer 2003, Word 2004 for Mac, and Word 2004 X for Mac.
Microsoft Works 2004, 2005, and 2006 are all potentially vulnerable, according to the company.
Don’t Open It
“Do not open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources,” Microsoft warned in an advisory.
Users duped into opening the malicious Word files are likely to discover that their systems have been compromised, because the vulnerability can be exploited by hackers to install spyware or dangerous Trojan horse programs.
Perhaps the biggest danger, security experts are saying, is having the compromised computer added to a network of hijacked PCs known as a botnet. The compromised computer can then be used to send out spam, attack other computer systems, or engage in a variety of nefarious activities.
Hack Trends
Security experts have cautioned that zero-day attacks — in which hackers are able to exploit a software vulnerability for which there is no patch — provide a significant challenge, especially because the attacks typically begin only in very limited numbers, effectively flying beneath the radar.
These “limited attacks” have proved to be a greater challenge to stop than widespread worms, viruses, or Trojan horses sent to millions of e-mail inboxes because they often go completely unnoticed by security companies until they have developed critical mass.
Additionally, security experts have pointed to a trend in which many hackers have turned…
