Microsoft disputes Word zero-day report

By Bill Brenner, Senior News Writer
31 Jan 2007 | SearchSecurity.com

Security Wire Daily News

Updated Wednesday, Jan. 31 with additional details from Microsoft.

For the second time in a week, Symantec Corp. said it has discovered a zero-day flaw in Microsoft Word that's being actively exploited. But Microsoft claims the flaw is not new.

In the cases it has reviewed, Symantec said machines are infected with a Trojan horse that exploits the flaw when the user opens a malicious Word file.

If Symantec's findings prove accurate, this will be the fifth zero-day flaw reported in Word in recent months, and security experts are hoping Microsoft will release a comprehensive fix during its next monthly patch rollout Feb. 13.

Symantec warned of the latest zero-day in an alert sent to customers of its DeepSight threat management service. The Cupertino, Calif.-based antivirus giant said it has confirmed that three variants of Trojan.Mdropper.X are targeting an unspecified flaw in Word 2003.

"We have successfully tested these exploits on Microsoft Word 2003 running on fully patched Windows XP with Service Pack 2," Symantec said. "We strongly suggest applying strict filtering policies preventing Microsoft Office documents from untrusted sources and networks. This is a new incident in a series of similar and ongoing attacks targeting this application."

Symantec said an attacker could exploit the flaw by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to run malicious code in the context of the logged-in user.

Microsoft said it is investigating the issue but that in its view, the problem is not new.

"Microsoft's initial investigation shows that this is not a new vulnerability but a duplicate of an already known public issue."

Last week, Symantec reported a memory-corruption flaw in Word 2000 that was also being targeted by malicious code. Microsoft confirmed it is investigating that flaw.

This is the fifth zero-day flaw reported in Word in recent months. Microsoft has acknowledged the first four, but has not yet issued a security update to fix them. When Word fixes weren't included in the software giant's January patch rollout, security experts speculated that the company might be compelled to release an out-of-cycle patch. That hasn't happened yet, and the next scheduled patch release is Tuesday, Feb. 13.
