Another previously undocumented, yet-to-be-patched security vulnerability in Microsoft Word is actively being exploited in cyberattacks, Microsoft said Thursday.
The vulnerability is the fourth zero-day vulnerability to arise in the Microsoft application in two months. Microsoft hasn't provided patches for any of the flaws, despite acknowledging that the holes are being used in attacks on its customers.
"There have been very limited attacks reported that are attempting to use the reported vulnerability at this time," a Microsoft representative said Thursday in a statement about the latest problem. The company is investigating this latest report and may issue a patch, if needed, the representative said.
The newest problem allows an attacker to hijack systems running Word 2000 and causes a crash of Word 2003 and Word XP, Symantec said in an alert Thursday. "An attacker could exploit this issue by enticing a victim to open a malicious Word file," the Cupertino, Calif.-based security company said.
Security experts have said the limited-scale attacks are the most dangerous. Widespread worms, viruses or Trojan horses sent to millions of mailboxes are typically not a grave concern because they can be blocked. Instead, especially for businesses, targeted Trojan horses have become nightmares, as they can fly under the radar.
Symantec advises people to make sure their security software is up-to-date and urges caution when opening Word documents. Businesses should put policies in place to prevent Word documents from being distributed to users, Symantec said.
"Businesses should put policies in place to prevent Word documents from being distributed to users, Symantec said."
You've got to be kidding me? Most businesses would have to shut down if they couldn't send Word documents within the organization. How about a useful recommendation, like finding another word processing program, or perhaps making the same noise you do about major worms in the press and getting Microsoft to release something faster to avoid a negligence lawsuit.
OK, here's a suggestion. If the recipient doesn't need to edit the files send him a PDF. If he does, save your documents as RTF files rather than DOC? Or better yet, save them as ODF.
Totally unrealistic in today's business world, with MS Office dominating the desktop. We are constantly having to email Word and Excel docs back and forth between staff to conduct business. The only realistic approach is to either have MS fix these flaws quicker and to have your IT staff be vigilant about updated virus protection for all workstations...
Feinstein bill gets through Congress that holds people responsible for computer intrusions due to lack of maintenance. Then it will be a crime to knowingly run any Microsoft Office products on the internet or use them to freely exchange files generated by Microsoft Office. Here we are, three months and counting. Four known holes will be fixed in February, only for us to be left hanging in the breeze for another month while the fifth and latest waits to be patched. Don't worry, the attacks are targeted, very few people are being compromised, STBY if you are the target. Nuke and reload is in your future after your company's private data is stolen.
There are plenty of other solutions to share documents. You don't have to send them attached in mail. You can put them for instance on a known/trusted file share and send the link, or better put them into a known/trusted SharePoint or web server the whole team is using, or check them into your source control/content management database, etc. Or if you really need to send content by mail you can simply send mail in RTF format and copy/paste from the Word/Excel doc into your message. Someone must be insane to insist on opening attached documents received in email (no matter their format) after all the viruses and worms that circulated in the last years...
http://sourceforge.net/project/showfiles.php?group_id=169337
Word's Doc files have been biting people in the backside for years. If they aren't carrying a malicious payload, they are blabbing your secrets.
http://news.bbc.co.uk/2/hi/technology/3154479.stm
Non-critical flaws are to be patched within 72 hours.
Microsoft has been aware of at least 3 zero-day flaws more than a week prior to their January Security Updates... and that was 2 weeks ago.
Shows how concerned Microsoft is about the security of their users!
Bottom Line: Swap to Linux and resolve the slow patching track-record of Microsoft.
Walt