Updated April 11 with confirmation that Microsoft is investigating the zero-day reports.
Within hours of Microsoft's monthly patch rollout Tuesday, McAfee Inc. warned of possible
The Santa Clara, Calif., antivirus vendor said it is studying "several" reports of Office zero-day exploits attackers could use to cause a denial of service or run malicious code on targeted machines.
"This is yet another time that zero-day flaws have been published around a Patch Tuesday, possibly to maximize the public's exposure to these flaws until the next month's Patch Tuesday," McAfee researcher Karthik Raman wrote in the company's Avert Labs blog.
All but one of the reported Office zero-days result in denial of service, and there is one heap-overflow flaw that might be exploited for code execution, Raman said, adding that Avert Labs is also analyzing proof-of-concept code for a zero-day vulnerability in Microsoft Windows's handling of .hlp files. "This is another heap-overflow flaw that might be exploited for code execution. Stay tuned," he wrote.
Security experts typically advise users to mitigate the threat of Office-related exploits by not opening such documents when they come in email attachments from unknown or untrusted sources.
A Microsoft spokeswoman confirmed that an investigation is proceeding.
"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs," she said in an email exchange. "Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time."
She stressed that the initial investigation has shown that none of the reported zero-days affect Word 2007 or any Office 2007 products.
Meanwhile, she said, the software giant is also looking into reports of a possible vulnerability in the Microsoft Help subsystem.
Microsoft released five new security updates Tuesday, four of them for critical flaws in Windows and Content Management Server. Attackers could exploit all of the flaws to take complete control of targeted machines, the software giant warned.
Eric Schultze, chief security architect at Shavlik Technologies LLC, in Roseville, Minn., warned that the flaws fixed in Microsoft bulletins MS07-018 and MS07-019 have the ingredients for a major attack; that they are the most wormable holes he has seen in some time.
"Both are server-side attacks that could be remotely exploited over the Internet without the user doing anything," he said. "I would patch [the issues outlined in MS07-018 and MS07-019] right away. If you have an XP system and the firewall isn't turned on, it may no longer be your XP system."