Sunday September 7, 2008 2:39 AM AEST

SC Magazine Australia/NZ > News > Patch Management > Microsoft > Microsoft warns of new Word attacks

Vulnerability Alerts

SANS

Microsoft

MS08-022 – Critical: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338) - Version:2.1
Microsoft Security Advisory (951306): Vulnerability in Windows Could Allow Elevation of Privilege

CERT/CC

Latest Comments

"hi.. i like google chrome. I need to know if in future, google is willing to upgrade google ..."

on Layered security in Google Chrome browser

by george s | Sep 7, 2008 1:52 AM

"Smart Antivirus-2009 crack"

on Researchers crack London's Oyster card security

by trancongtruongtruong | Sep 7, 2008 12:38 AM

"I urge every business person and IT person, management or staff, to get hold of a copy of "I.T. ..."

on Bank of New York loses 12.5 million customer details

by John Franks | Sep 6, 2008 1:20 AM

"iam intrested in porn movies workes in actors from 36/m india pleas help me thanks."

on Popular porn site hacked by prudes

by vinod agarwal | Sep 5, 2008 8:26 PM

"test for intresting"

on Forensic Tool Kit v 1.70

by cocoboy | Sep 5, 2008 5:39 PM

Microsoft

Microsoft warns of new Word attacks

Microsoft has issued yet another security advisory in the wake of attacks targeting Word.

The company said in the advisory that it has received reports of attackers targeting a flaw in the handling of .doc files. The attacks are not currently believed to be widespread, and the initial exploit attempts have been in specially targeted attacks.

The vulnerability lies in the way Word 2002 Service Pack 3 handles .doc files. An attacker could use a specially-crafted document to cause a memory overflow error and application crash. The error would then leave the system vulnerable and allow the attacker to remotely execute code on the target system.

Microsoft said that the vulnerability only appears to exist in Office Word 2002 Service Pack 3. No other versions of Word or Office appear to be at risk for attack.

In addition to basic security practices such as enabling a firewall and antivirus software, Microsoft recommends that users exercise caution in loading mail attachments and avoid suspicious .doc files.

This is the second time this week that Microsoft has issued a patch for a vulnerability which is being actively exploited. On Monday, the company issued a warning about a remote code execution attack which targets an ActiveX component in its Office Access software.

The announcement also comes just one day after Microsoft released the July edition of its monthly security update. That update was the first in almost three years to not contain a bulletin rated as "critical."

The next security update is scheduled for August 12th, though Microsoft will often break from that schedule and release a patch early if attacks persist or worsen.

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Patch Management Whitepapers

Microsoft warns of new Word attacks

Sponsored Links

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management