Home > Security News > Microsoft Word zero-day being actively exploited
Security News:
EMAIL THIS

Microsoft Word zero-day being actively exploited

By SearchSecurity.com Staff
08 Jul 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Symantec Corp. warned late Tuesday of active attacks targeting a zero-day flaw in Microsoft Word.

Symantec's DeepSight Threat Management team raised its Threatcon to level 2, warning that some Microsoft Office versions are affected by the exploit even when fully patched. If successfully exploited, an attacker could gain access to a system with the same user rights as the victim.

SearchSecurity radio:

"Symantec is working closely with Microsoft to confirm the details of this discovery," the vendor said in its advisory.

Microsoft confirmed the flaw in a security advisory warning that the vulnerability is in Microsoft Office Word 2002, Service Pack 3. Microsoft said in order for an attack to be successful, a victim must click on a malicious link contained in an email message.

"While Microsoft Office Word 2000 does not appear vulnerable to this issue, Word 2000 may unexpectedly exit when opening a specially crafted .doc file that the attacker is using in an attempt to exploit the vulnerability," Microsoft said in its advisory.

There are currently no workarounds for the flaw. Microsoft advised customers to check their firewall settings and educate end users about clicking on links in email from unknown senders.

"At this time, we are aware of limited, targeted attacks attempting to use the reported vulnerability, but we will continue to track this issue," said Bill Sisk, the response communications manager for the Microsoft Security Response Center, (MSRC) said in the MSRC blog.

The zero-day is the second one acknowledged by Microsoft this week. The software giant issued an advisory Monday warning of active exploits on a zero-day flaw in the Snapshot Viewer ActiveX control for Microsoft Access. The Word zero-day is unrelated to any security bulletins released by Microsoft Tuesday as part of its monthly release of patches.



Tags: Securing Productivity ApplicationsEmerging Information Security ThreatsMalware, Viruses, Trojans and SpywareVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Securing Productivity Applications
Quiz: How to build secure applications
How to detect software tampering
Adobe fixes 29 flaws in Acrobat, Reader
Adobe warns of critical update for Reader, Acrobat 9.1.3
Why should we place data files on a separate partition than the OS?
Adobe updates ColdFusion, JRun, Flex
Serious Adobe Flash flaw being exploited
Adobe acknowledges serious Flash zero-day vulnerability
Adobe issues security advisory for Flash zero-day flaw
When to use the service features of the Metasploit hacking tool

Emerging Information Security Threats
RSA security conference 2010: news, interviews and updates
Hackers to sharpen malware, malicious software in 2010
Modern malware, stealthy botnets, adapt quickly, expert says
New ransomware Trojan pushes victims to buy software
Bruce Schneier on outsourcing, awareness training
US-CERT warns of BlackBerry snooping software
Marcus Ranum on cyberwarfare, infosec careers
Researchers find thousands of flawed embedded devices
Enterprise botnets contain thousands of malware variants
Nuke and pave to eradicate botnets

Malware, Viruses, Trojans and Spyware
New Zeus spam poses as Social Security statements
Increase in Gumblar backdoors poses FTP credential problems
Hackers to sharpen malware, malicious software in 2010
iPhone worm Rickrolls jailbroken phones
Israeli Mossad add Trojan Horse to Syrian laptop
Schneier-Ranum Face-Off: Is antivirus dead?
Modern malware, stealthy botnets, adapt quickly, expert says
Computer worm infections up, scareware antivirus down, Microsoft says
Web-based attacks skyrocket, pirating sites surge, security firms say
Mini guide: How to remove and prevent Trojans, malware and spyware

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
sheepdip  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts