Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

New Word Zero-Day Attacks Begin

Microsoft warned Mac and Windows users of its popular word processor Word that attackers are exploiting an unpatched flaw in the program's file format. A security research firm said the attacks will likely remain limited.

Tuesday, Microsoft posted a security advisory that acknowledged specially crafted Word documents could be used to seize a computer, and offered a defensive recommendation. "Do not open or save Word files that you receive from untrusted sources or that are received unexpectedly from trusted sources," Microsoft said in the advisory.

Word 2000, 2002, and 2003 are vulnerable, noted Microsoft, as are Microsoft Works 2004, 2005, and 2006 since those bundles also include Word, and Word Viewer 2003, a free-of-charge utility aimed at users who don't own Word but need to view and print documents in the program's native file format. Users of Word 2004 for Mac and Word 2004 v. X for Mac are also at risk.

"We're not seeing any widespread outbreak," says Vince Hwang, a group product manager with Symantec's security response team. "Instead, we expect that it will be used in targeted attacks against individuals."

Although Microsoft doesn't rate its advisories, others have pegged the new zero-day as critical. Danish vulnerability tracker Secunia, for example, labeled the new flaw as "extremely critical," the top-most ranking in its five-step scoring system.

  • 1