New Attack on MS Word
Posted by cotojo on March 29, 2008
Hackers may be exploiting an unpatched hole to plant malicious code in Word docs and any system that opens them.
Be extra careful when opening documents in Windows, especially if they are Word files. Microsoft have warned that cyber criminals may be taking advantage of an unpatched flaw in the Windows operating system to install malicious software on a victim’s PC.
The reported attack, now being investigated by Microsoft, involves a malicious Word document, but there may also be other ways of exploiting the flaw.
Do not open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.
The flaw lies in the Jet Database Engine that is used by a number of products including MS Access. Microsoft is investigating whether other programs may also be exploited in this type of attack.
This kind of unpatched, “zero day” attack is always cause for concern.
Following its usual policy, Microsoft didn’t say when, or if it planned to patch the bug. In a statement sent to the press, the company did not rule out the possibility of an emergency patch being released ahead of its next set of security updates, which are expected on April 8.
Users of many versions of Word, including Word 2007, 2003, 2002 and 2000 are at risk, unless they are running Windows Vista or Windows Server 2003, Service Pack 2. Those two operating systems include a newer version of the Jet Database Engine that does not have the bug.
For technically savvy users this means that PCs with a version of the Msjet40.dll that is lower than 4.0.9505.0 are vulnerable.
There have been other reports of attacks targeting this database software. In December, the United States Computer Emergency Readiness Team warned that attackers were sending out malicious MS Access Database (.mdb) files in a similar type of attack. Security experts assumed that this exploit could have been based on a publicly reported flaw in the Jet Database Engine.
March 30, 2008 at 5:14 pm
I am person who love security. This is good news. Many people are using Ms Word today. I would tell my friend and people about this.
March 30, 2008 at 5:23 pm
Chuy Ban - Thank you for your visit and comment
As you say, many people are using MS Word and MS Office applications and it now has unpatched security flaws which can lead to malicious use.
Users need to be aware of the security risks involved when accepting files and documents from others, even trusted sources.
Have a good day,
Colin
April 28, 2008 at 7:00 pm
Hey Colin,
This is a pretty serious warning! I am glad I came here!
I missed you on Life so I decided to drop by here and check this site thoroughly! Well done!
I hope everything is well with you :D!
Cheers, darling!
May 5, 2008 at 2:06 pm
Max - Hi darling, hope you are well
I’m getting back to some sort of normality - if that exists
There’s always something new that comes along for people to take heed of.
Take care sweetheart and have a great week,
Colin