Attackers find new flaw in Microsoft’s old Word
Microsoft has said that its Word software is subject to a flaw which is already being attacked by hackers.
An attacker would have to create a specially modified Word document that the target would have to be persuaded to open. However, Microsoft is providing very little detail as to the nature of the flaw, which affects most currently supported versions of the application, from Word 2000 to 2003, Works 2004 to 2006, Word Viewer 2003, and Word 2004 and 2004 vX for Macs.
The new version in Office 2007 is not believed to be affected.
It says the vulnerability is currently under investigation by Microsoft security experts, and that it is aware of publicly available attack code. ‘We are currently investigating a report of a proof of concept which may allow an attacker to execute code on a user’s machine by convincing them to open a specially-crafted Word document. We are aware of limited attacks attempting to use the vulnerability reported,’ it says.
However, without a patch to fix the flaw, Microsoft’s current guidelines on how to avoid an attack are: ‘Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.’
Microsoft’s upcoming security bulletin will be released 12 December, although there is no guarantee that a fix will be ready at that date.