Home > Security News > Microsoft warns of actively exploited Word flaw
Security News:
EMAIL THIS LICENSING & REPRINTS

Microsoft warns of actively exploited Word flaw

By SearchSecurity.com Staff
24 Mar 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Microsoft is warning customers of active attacks on a vulnerability that could be exploited through Microsoft Word giving an attacker the same user rights as the local user.

We currently have teams working to develop an update of appropriate quality for release in our regularly scheduled bulletin process or as an out-of-band update.
Bill Sisk
response communication manager, Microsoft Security Response Center (MSRC)

The vulnerability exists in the Microsoft Jet Database Engine. In order for the vulnerability to be exploited, users would have to click on a link in an email message to navigate to a malicious website that contains a specially crafted Word file.

"In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability," Microsoft said in its advisory.

Bill Sisk, the response communication manager for the Microsoft Security Response Center (MSRC), did not rule out an out-of-band update to correct the problem.

"We currently have teams working to develop an update of appropriate quality for release in our regularly scheduled bulletin process or as an out-of-band update, depending on customer impact," Sisk said in a posting at the MSRC team blog.

As a temporary workaround, customers can restrict the Microsoft Jet Database Engine from running. Administrators can also block Microsoft database files (.mdb) files from being processed through mail systems.

Those using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1 are vulnerable to these attacks, Microsoft said.

"Microsoft is investigating the public reports and customer impact," Microsoft said in its advisory. "We are also investigating whether the vulnerability can be exploited through additional applications."

Sound Off! -   Be the first to post a message to Sound Off!


Tags: Securing Productivity ApplicationsWindows XP and Server SecurityWindows Vista SecurityVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts