Don't miss our upcoming Network Computing virtual event on Connectivity Solutions - Secure Your Complementary Seat Now!
Microsoft said it's working on a fix for the zero-day vulnerability in Word that spooked security vendors last week, but likely won’t release a patch until June 13, the next regularly-scheduled monthly patch day.
The Microsoft Word bug first surfaced Friday, when numerous security companies, led by Symantec, said that an active exploit was using an unpatched vulnerability in Word 2003 and Word XP to drop a backdoor Trojan onto a limited number of PCs. Once in place, the Trojan -- which uses rootkit techniques to infiltrate code into difficult-to-detect locations on the drive -- provides the attacker with command shell access to the PC, effectively hijacking the machine.
Friday and Saturday, Microsoft acknowledged the Word bug, said it was working on a fix, and downplayed the vulnerability.
"So far, this is a very limited attack, and most of our antivirus partners are rating this as 'low,' said Stephen Toulouse, program manager for Microsoft Security Response Center (MSRC), wrote on the MSRC blog Saturday.
Friday, Toulouse said that his team was working up a patch, which had already moved into testing, and would release with the June update, "or sooner as warranted."
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
