Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Audio & Video Business Center Cameras Cell Phones & PDAs Communications Components & Upgrading Desktop PCs DVD & Hard Drives Gaming Hardware & Software HDTV Laptops Macs & iPods Monitors Printers Spyware & Security The PCW Test Center Windows Vista & XP
Resource Centers
Asus Notebook Center
Intel Technology Center
CDW Solution Center
Lenovo Laptop Showcase
Try It Free
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Today at PC World
Today @ PC World
News, opinion, and links from the PC World staff.
Recent entries in this blog:
Thursday, February 15, 2007 6:33 AM PT Posted by Erin Biba

New Zero-Day Word Attack

Microsoft's Word and Office programs have been targeted again, with the company warning that hackers may already exploiting a new vulnerability found in the applications.

The warning comes just after the company issued fixes for 20 other bugs in its products on Tuesday, including six for Word.

The latest problem affects Office 2000 and Office XP, Microsoft said in a security advisory on Wednesday. An attacker could create a specially-crafted Word document that, if opened, could allow them to control a victim's computer remotely. As usual it advised great caution when opening unsolicited attachments.

Microsoft said it had received reports of "very limited, targeted" attacks. Danish security vendor Secunia ranked the problem as "extremely critical."

The emergence of a security bug so soon after Microsoft's scheduled patch release follows a familiar pattern by hackers, who want to maximize the amount of time they have to take advantage of a vulnerability, said Thomas Kristensen, Secunia's chief technical officer. Microsoft rarely diverts from its patch schedule, set for the second Tuesday of the month, although it said it would in this case if it considers it necessary.

Office applications such as Word are "low-hanging fruit" for hackers, since the programs haven't been audited as much as some others, such as Internet Explorer, Kristensen said.

The hackers find a vulnerability by manipulating a document and testing how Word reads it. In this case, a modified document can corrupt system memory in a way that allows the attacker to execute code on the machine remotely. As well as sending the document via email, the hacker could embed it in a Web page and try to lure users into visiting that page.

"Attacking using this vector is fairly easy," Kristensen said.

However, new security features in Windows Vista, released to the general public last month, may prevent similar types of attack, so hackers may be making an extra effort to exploit them while they can, he said.

Thanks to Jeremy Kirk, IDG News Service for the info!

Comments
Post a comment Post a comment
Recent Posts
Recovering a Stolen Laptop... via the Stolen Laptop
Caption Crunch: The Robo-Governator
Microsoft to Offer Office 2007 SP1 via Automatic Update
The Return of the Free PC?: Bank Gives Away Eee PCs with New Account
RIAA Clings to DRM and the Past: It's Time to Look Forward
Apple Offers Credit For Older-Generation iPod Owners
'Net Neutrality': A Nettlesome Question
Archives
View posts from:
 

PC World's Marketplace

PC World's Free Whitepapers