
File under insecurity...
By Joris Evers
Published: 26 January 2007 08:25 GMT
Another previously undocumented, yet-to-be-patched security vulnerability in Microsoft Word is actively being exploited in cyber attacks.
The vulnerability is the fourth zero-day vulnerability to arise in the Microsoft application in two months. Microsoft hasn't provided patches for any of the flaws, despite acknowledging the holes are being used in attacks on its customers.
A Microsoft representative said in a statement about the latest problem: "There have been very limited attacks reported that are attempting to use the reported vulnerability at this time." Redmond is investigating this latest report and may issue a patch, if needed, the representative said.
The newest problem allows an attacker to hijack systems running Word 2000 and causes a crash of Word 2003 and Word XP, Symantec said in an alert. "An attacker could exploit this issue by enticing a victim to open a malicious Word file," it said.
Security experts have said the limited-scale attacks are the most dangerous. Widespread worms, viruses or Trojan horses sent to millions of mailboxes are typically not a grave concern because they can be blocked. Instead, especially for businesses, targeted Trojan horses have become nightmares, as they can fly under the radar.
Symantec advises people to make sure their security software is up-to-date and urges caution when opening Word documents. Businesses should put policies in place to prevent Word documents from being distributed to users, Symantec said.
Joris Evers writes for CNET News.com
Title: Web Applications Vulnerability Tester / Penetration Tester Salary: market rates but probably 40k to 60k Company: online / ecommerce company ...
Our unmatched security expertise, focus on manageability, and proven ability to successfully prevent attacks are the reasons why McAfee is the ...
Check Team Leader Summary: My client are looking for an experienced consultant CHECK Team Leader to join our Information Security Practice.Main ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business