Don't Open That Word File, Microsoft Warns - WinPlanet Windows Software Reviews

You are in the: Small Business Computing Channel

ť ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet |Refer-It

Power Search | Tips

Browsers

Chat / Conferencing

Desktop Utilities

Development

Internet Apps

Multimedia

OS Service Packs

Productivity Tools

Enter a keyword

Newsletters offering Windows news, articles, tips and reviews.

Partners & Affiliates

Small Business Computing

Ecommerce Guide

Webopedia

WinPlanet

WinPlanet / News

Download of the day

• Internet Explorer 8

Most Popular Software Downloads

• Opera

• Internet Explorer 7

• QuickTime for Windows

• Winamp

• Mozilla Firefox 3

• Ad-Aware 2008 Free

• Adobe Flash Player

• Paint Shop Pro

• Adobe Shockwave Player

• AVG Anti-Virus Free

• 7-Zip

Most Popular Software Articles

• Windows Vista Tips & Tricks, Part 1

• Windows Vista: Worthy of the Hype?

• Windows Wireless Zero Configuration: Five Steps to Sanity

Software Reviews

Don't Open That Word File, Microsoft Warns
Both Windows and Mac Words Users Affected
Ed Sutherland

Microsoft is investigating "limited" zero-day attacks exploiting vulnerabilities in multiple versions of Word for both Windows and Mac systems, according to a security advisory.

Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for the Mac and Microsoft Word 2004 version X for Mac, as well as Microsoft Works 2004, 2005, and 2006 are affected.

The software maker said it is developing a security update addressing the flaw, which could allow an attacker to take control of a system when a user opens a malicious Word file. The file could either be included as an e-mail attachment or on a Web site.

Today's zero-day vulnerability is "of the nature of previous ones," said Marc Maiffret, CTO of Eeye Digital Security, which created "Zero-Day Watch," a central repository of zero-day reports, their seriousness and what IT managers can do to mitigate the vulnerability.

For instance, the latest resembles one that affected Word 2000 in September.

Microsoft warned folks to not open or save Word files from untrustworthy sources or unexpected files from trusted sources.

The news comes a week before the regular monthly patch release. However, Microsoft said it could offer an out-of-cycle update, once it completes its investigation of the vulnerability. Six patches were issued last month, including five deemed critical.

Zero-day exploits are becoming increasingly common, as automated application patching becomes more widespread, according to the SANS Institute, which last month unveiled its latest Top 20 list of Internet security vulnerabilities.

According to SANS, flaws in Microsoft Office tripled compared to 2005.

The latest security hole in Word underscores the importance in timing the release of exploits, according to Andrew Jaquith, an analyst with Yankee Group. But the term "zero-day" has become an overused marketing phrase for security vendors, he said.

"I wouldn't be surprised if we see 'Zero-Day Defender' appearing."

News courtesy of internetnews.com

December 6, 2006

Download Microsoft Windows Malicious Software Removal Tool Now!

View All Microsoft Service & Security Releases

Contents:
1. Both Windows and Mac Words Users Affected

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks
Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape? Avaya Article: Avaya AE Services Provide Rapid Telephony Integration with Facebook Intel Go Parallel Article: Getting Started with TBB on Windows Microsoft Article: 7.0, Microsoft's Lucky Version?		Intel Go Parallel Article: Intel Threading Tools and OpenMP HP eBook: Storage Networking , Part 1 Avaya Article: Speech Sandbox: Application Simulation in Avaya Dialog Designer MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts
HP Video: StorageWorks EVA4400 and Oracle HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind		MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits
30-Day Trial: SPAMfighter Exchange Module Red Gate Download: SQL Toolbelt and free High-Performance SQL Code eBook		Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos
Featured Algorithm: Intel Threading Building Blocks - parallel_reduce Silverlight 2 App and Walkthrough: Leverage Silverlight 2 with SQL Server and XML		HP Demo: StorageWorks EVA4400 MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES