[ISN] Microsoft Issues Word Zero-Day Attack Alert

From: InfoSec News (alerts@private)
Date: Tue Dec 05 2006 - 22:22:33 PST


http://www.eweek.com/article2/0,1895,2068786,00.asp

By Ryan Naraine
December 5, 2006

Microsoft on Dec. 5 warned that an unpatched vulnerability in its Word 
software program is being used in targeted, zero-day attacks.

A security advisory from the Redmond, Wash., company said the flaw can 
be exploited if a user simply opens a rigged Word document.

Affected software versions include Microsoft Word 2000, Microsoft Word 
2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft 
Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft 
Works 2004, 2005 and 2006 suites are also affected because they include 
Microsoft Word.

There are no pre-patch workarounds available. Microsoft suggests that 
users "not open or save Word files," even from trusted sources. "As a 
best practice, users should always exercise extreme caution when opening 
unsolicited attachments from both known and unknown sources," the 
company said.

Users who have installed and are using the Office Document Open 
Confirmation Tool for Office 2000 will be prompted with Open, Save or 
Cancel before a file is opened. This offers a minor warning mechanism 
for Word users.

The high-risk alert comes exactly one week before the company's 
scheduled December Patch Tuesday, but there is no word yet from 
Microsoft on the timing of its fix for Word.

The MSRC (Microsoft Security Response Center) has activated its incident 
response process, which includes coordination with anti-virus and 
security vendors and the creation of a software update. According to the 
advisory, Microsoft may consider an out-of-cycle patch if necessary.

At press time on Dec. 5, there were no detection signatures available 
from anti-virus vendors.

This is the second major Microsoft Word zero-day attack this year. In 
May 2006, a sophisticated attack originating from China and Taiwan was 
detected using a Trojan dropper and a backdoor with rootkit features to 
mask itself from anti-virus scanners.

There have been several zero-day flawsand targeted attacksfound in 
Microsoft Office applications, including Excel, PowerPoint and 
Publisher. Many security experts said they believe corporate espionage 
is the main motive behind the attacks.


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Tue Dec 05 2006 - 22:35:23 PST