Microsoft disputes Word zero-day report

By Bill Brenner, Senior News Writer
31 Jan 2007 | SearchSecurity.com

Security Wire Daily News

Updated Wednesday, Jan. 31 with additional details from Microsoft.

For the second time in a week, Symantec Corp. said it has discovered a zero-day flaw in Microsoft Word that's being actively exploited. But Microsoft claims the flaw is not new.

In the cases it has reviewed, Symantec said machines are infected with a Trojan horse that exploits the flaw when the user opens a malicious Word file.

If Symantec's findings prove accurate, this will be the fifth zero-day flaw reported in Word in recent months, and security experts are hoping Microsoft will release a comprehensive fix during its next monthly patch rollout Feb. 13.

Symantec warned of the latest zero-day in an alert sent to customers of its DeepSight threat management service. The Cupertino, Calif.-based antivirus giant said it has confirmed that three variants of Trojan.Mdropper.X are targeting an unspecified flaw in Word 2003.

"We have successfully tested these exploits on Microsoft Word 2003 running on fully patched Windows XP with Service Pack 2," Symantec said. "We strongly suggest applying strict filtering policies preventing Microsoft Office documents from untrusted sources and networks. This is a new incident in a series of similar and ongoing attacks targeting this application."

Symantec said an attacker could exploit the flaw by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to run malicious code in the context of the logged-in user.

Microsoft said it is investigating the issue but that in its view, the problem is not new.

"Microsoft's initial investigation shows that this is not a new vulnerability but a duplicate of an already known public issue."

Last week, Symantec reported a memory-corruption flaw in Word 2000 that was also being targeted by malicious code. Microsoft confirmed it is investigating that flaw.

This is the fifth zero-day flaw reported in Word in recent months. Microsoft has acknowledged the first four, but has not yet issued a security update to fix them. When Word fixes weren't included in the software giant's January patch rollout, security experts speculated that the company might be compelled to release an out-of-cycle patch. That hasn't happened yet, and the next scheduled patch release is Tuesday, Feb. 13.
