X
Tech
Home Tech Security

A fifth MS Word zero-day?

Virus trackers at Symantec have raised an alert for what is believed to be a fifth unpatched -- and previously unknown -- security flaw affecting Microsoft Word.
Written by Ryan Naraine, Contributor

[Updated: January 31, 2006] Virus trackers at Symantec have raised an alert for what is believed to be a fifth unpatched -- and previously unknown -- security flaw affecting Microsoft Word.  

The company is working with Microsoft's security response center to sort out whether this is unrelated to the four other Word zero-days that remain unpatched. [See 12:58 pm update below].

"We believe this is a new vulnerability, making it the fifth currently unpatched Office file format vulnerability. While these documents are being used in a targeted attack consistent with previous cases, we have received different documents that use this same exploit from multiple organizations," according to a note from Eric Chien, a security response engineer at Symantec.

Chien said the rigged Word documents have each been designed specifically for the targeted organization in both language and content. This clearly suggests either corporate or government espionage, where sophisticated spear phishers use e-mail lures to trick targets into launching dirty .doc files.

The e-mails appear genuine -- coming from a colleague or someone within the organization that routinely send out group messages -- but the attached file comes with a dangerous payload that includes Trojan downloaders and backdoor programs that give an attacker access to a company's entire computer system.

This is why Microsoft's pre-patch guidance is so blunt: "Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources."

If Redmond confirms this is a new (fifth) Word zero-day, a security advisory will be released to warn of the attacks and to provide potential workarounds.

[Update: According to Bugtraq ID 22328, this issue affects Microsoft Word 2003 Viewer, Microsoft Word 2003, Microsoft Office 2003 (SP1 and SP2)]

[Updated: January 31, 2007 @ 12:58 pm]  Just got a note from Microsoft's security response team.  The company's initial investigation shows that this is not a new vulnerability but a duplicate of an already known public issue.

Editorial standards
Show Comments

Related

The Apple Watch Ultra 2 with an Atlantic Blue Nomad Rugged Band.

6 reasons to buy an Apple Watch, according to a wearables expert

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

Placeholder product image alt text

The best AI image generators to try right now