Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft Issues Word Zero-Day Attack Alert



 By: Ryan Naraine
2006-12-07
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Updated: The unpatched flaw can be exploited when a user merely opens a rigged Word document, and there are no pre-patch workarounds available, Microsoft warns.

Microsoft on Dec. 5 warned that an unpatched vulnerability in its Word software program is being used in targeted, zero-day attacks.

A security advisory from the Redmond, Wash., company said the flaw can be exploited if a user simply opens a rigged Word document.

Affected software versions include Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word.

Resource Library:
For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

There are no pre-patch workarounds available. Microsoft suggests that users "not open or save Word files," even those that arrive unexpectedly from trusted sources. "As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources," the company said.

Users who have installed and are using the Office Document Open Confirmation Tool for Office 2000 will be prompted with Open, Save or Cancel before a file is opened. This offers a minor warning mechanism for Word users.

The high-risk alert comes exactly one week before the companys scheduled December Patch Tuesday, but there is no word yet from Microsoft on the timing of its fix for Word.

Click here to read about zero-day attacks against Microsoft Office Excel.

The MSRC (Microsoft Security Response Center) has activated its incident response process, which includes coordination with anti-virus and security vendors and the creation of a software update. According to the advisory, Microsoft may consider an out-of-cycle patch if necessary.

At press time on Dec. 5, there were no detection signatures available from anti-virus vendors.

This is the second major Microsoft Word zero-day attack this year. In May 2006, a sophisticated attack originating from China and Taiwan was detected using a Trojan dropper and a backdoor with rootkit features to mask itself from anti-virus scanners.

There have been several zero-day flaws—and targeted attacks—found in Microsoft Office applications, including Excel, PowerPoint and Publisher. Many security experts said they believe corporate espionage is the main motive behind the attacks.

Editors Note: This story was updated to clarify Microsofts guidance on the opening of Word documents from trusted sources.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.



  Reader Comments: Microsoft Issues Word Zero-Day Attack Alert
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}v6Ewْ5,nG"!1EjHʶ2;//ϸUxӅ||۝ؖB~$rLH56%3EC"I{#(`ZϩIzNڶ? }~mksu;#|6%߽w *s=NN5KԚLxg&l ek|`p,cw-h{=Dm@~5;Ks!&28K;?&?*B]2OHXߦuɷ{Xe;g7 1)*X^P~D;5~rF #k||=x:a/M˟l׸ڮUX'[vkx!BP!"B\ς]ݻHäNI@ؓIuhmUj'Өbb#Qނ]õ]&\.RF͌eCwt#Ss]oԏ 1l{`2rHn6 ӈyeOlˇqtRC'ס,iO`MھxsyLf.j.9bc] ͻS Ї@2zz`N8,2踞þ˲nMwͰ-6@6M-jZUQN bk'o[BU;֨o~UMSZp#lݹ܎ඔkS]}j_\Gr   $& JDTRBd$" Pc@G'$/@B.RM7JQߨ+ZVD+(H.#I-b{O`F`%pbQUriZ򳩥}9h__]wm2h}8ϑ|bP+Mz(#1hؕ3Fz o7筛Kew'kjꜵH ݅GlDM Whp -N[_nG_C燙M[CyC0-ߕRMRs?#1 >_4>^tHN™,-A2tǷPZ,/s$dB&Z~@X*,>JAͼ94oo$3E@;- u 8:j56kiJuV!`Fº΀$9Vϡȟ4R\ 9lbKvfyM)IK2_VJ-ɿEwh+dԌө$ɛ!"ˆG9x|!XsI((GNlO}yx>fYY7'*daeMUiH .u&vs"e~ *WFVnZ` QM}wQk+%YE*'X8ʍ??5m!SGñA s&M:vϋ`6 0hvz? >QZ#qOCGs>2胎6ml8-+ЍEXn`΀&Hqp{4ڭ.l=KPI}xX39&z(tH h&r=kIOׇ.[? ; G`r]ɝ5y0wCGHb1(#զρC/Y\7 )@}> nȲc@Ф7=[K%ܺyOm&,@PCb;*O<sE?&4ğ;n'}׾d +ZsS : jQidY09OK-,@ @M~έ63pPQ@1"Nt/+_.{ z>UF>3 $hD4e2f,4_\0-xJD%hXPr&S4Z0@Sy{0$u`m\>(gpFl`^t^@>^#%@P-W0"FcK鬡cKU1SOm{hCy-X\>(D78~Ò?DBScO=ܴ>?CU^V/xw"JPVblxcC+jrRT+ 7;|~~{ N )*|}9DO? 3ch9{RJo!m^J_29X>8ujN0edCc>eLVj9AB;>kJ?B4By^YpU.Q8UfjtiyNz2_'?:!gj締 j@Vﭑ>Y6i`1:R.eOSWLJ@(Aܚ:]x>z,9(``!>6z0f&QafY[ ⺪TjՂʾ_ًN+^>)& Lu0Ȉ%=WlThms܁c2P>H(Tg`ME]ac6U{zn&)Z-WMӳu;4 b>67'ojmvfL 0j(Y[|{` rfVȍZtNd_&&F}G ϓGjZ)1?V,09EW|6u+ln`,fJU08 ([wOuv1[ZqLRB71PUL 9ōfπiΈǎ2mԚVNL&Vi 6Z{k}zGdCRK= /#Z5SK8n7=R.R =cxYse}l^?mI#o  齦'nRzQ|Z%6jۃ|$rSO(Z7MBR%%!~ͳ!VA#"ZAX_xL-AKl!/`.R(S/Z4["X.)DД7ϰ;Rb  kQh>g-BwEr @ O+o { KImgϱ+Kzu U)UkNJZZ$t` ۳<0%q:LBr$1AE6 w܆k{JV~ZgZSq= Ϛb2?RXtZǤm@:ov; zu_Awy[|B>;? 4{48Zx-}M\ڿ E/{/[R|GY^ٷgP K Rbw}ɾ3jZ56|v> 72SH4|7Nys)}ֻ]z'sٖ zW's3BNnTH͋clF_!z.fS L k7d8) hdjm\8$Ø/=^q@ږһn9`\Jh5c-Ig“ E0NyT1r"`$X*؀M2_]4?G'2sE9v^SF(+bK)"$Dَ \gYɉ`INa1:*:a$kᷘo9?Oů1Ok7tAt_([tNz40[INju>!>48|EA'$M "a]Zqn} zsLiR'DZ3pq*l hww&?ӗdN-Ɣ @95^gtb )`0 ~U>ު箅MM%7aϝUkͰ<# Cӝ閃CL# Hbо&σ i+}Fz t{DoޞX7ۨ{.||,=}!G&zzy}> 9oaXKo6jO0>oR8;|?÷޽sʶ*CWq:Y+@Al"$$yUZ¶FWU3$]e%w NZx~2M3}%3 ՏK^xΠtp {~!F.u8 Tx`o~=~ȸ2]aG*G7WoCVZtCqDn&Vx/.)%/Uu@OKtG[_Q{tH{: 0N Ħ7sgGcef7Ƅ??C4ȥD.;曜;a!3̑ +Ӡ5m&ǶsG$;gr0G !$T8xl|wgLRx66vy)1h4Rwo8ln8W N 6V8u;QND7|} rx|Wvzw_wcLQF<7-2kp+cS;K//.9_h3[a@)w#Oƥ=D/!qĨ`jo0r`f[wh!rx.W>s=~QCP>l6]rAuõ&YXXF}s=s۵PiY V9e臍&BS{:-v,,#&D3ͳ}YWj'J_֨l0'#_#L,6Ѭ&%)+E^zc11Պةӝ%K& ű,Ot~0Bi K0y&Ą!CAA"a>Fn+y9?;-6ɄY8nLb,OZfA}:Qm'1aȂnrA* b# &i[c8Nymi첎Gmp,Lx;ҊGl+J:v\;ɂ9 n$sϥ&.xOXE)%WCޮ8ۃD"'"rGG0qiuE'Jo9ESdZ!>E5CErg'y>{ 7ߢdY| I ca&A 0"}Y -ܙę Wf09͸VJ̩VRcQ4,6o; 9hn!+`@ƈH1L~‹zӝzjm^Nj1ොj 1ar23 qsYhض5 +@iK V_j"5K]!;IWKz(@ %TC% JF{v=@@&jB3B8|x^TMRJo2HL{:{a=c˛RGP-[6 avJzHZqx{QeMRUI+JJ:٠Am;;.b[845IG_|{6J5 sEBPPJ'5&r!`^S!Ƴ^M!Tzq L-0$}nP&C!:$Ḕ\t:d"B}n1 A ݟCn#g=*oT])bk3i̇s"e"dPJԍb~}"Y q<|4Qە+KM΂R: DUWv A^=ﺎ1PI P 5%DOdƞ/In`ݩmƒ.v+<[CIVez}庞/X.o&aYvG `Z/\ cJtS.}WfRE@"H1Exhi:M B|x OxiGy1,B Q4կ\as1pFzot ӃZk!%!N IvQ|c;G嵍G4fv/,=N75+n]sdGM$Mmƞܪ}l*m}to~o~o~o~?OWURE ~:}OD;;ַA+cfc@g㘇c04Bخ^>hػk/K1PI-I]`^` ݖ;'B5v@c ŋPECg>Bq`ǞcoƗvOuOǫL $K Lc'"w\Ӏu*aU϶0- dzi 'ji*&Ǘ> ?u)Rs.V M6ohU!K3$oO,SP3 {44ST4kL]o0q_wn}wYL#ǔvTQlz'wR͏,:_Eo! <5n͕=;X=w bȮ-O9akek/(G>?G=:^ۏoS`q1I YW qCv7J rWG#ʛG#0k n"j\{js&$&Jjidw0}$FRtyϽgDh긺Z@a0ߢV&gB8AXJrXD Ň!^ "K&5D"cAKfכdacNͦ"f xr+B*sN /*JM̹OQ.+]ZXuZ.{V@\pkLxnP:qU3HS&ע+JTH4icG[j>9.~9AhC~<Vz^3Zk]X;XifyBE ~K-y-JYթHPlݹ䗏5<,ڢ#R[.77OduZS԰p-S|ri?*ܦzFIf8jR'ZA)rd!߽0|US*Z <⌢S|??&­!P)awS0Z*na㑅 .X`sYej xpX<>)4Sr[fV"p͒wys6t0^Q#1e&F > c[7ΥIxEZ||N]ƒ $Bq0ӜhVؚ~!oX5e2Kx(0  Ka1c~PoVR$4 >*3ʰLXUKʗ/cͲg2qÕ&JZ `xzNrdhz?;X~D|LBz،Pr5WWy4uMOgםAwIN>w.WםAqny18kyol21^ 3_$,C r~춙83΄Ks!Yx9K xU" /Eyx&It`JT /!jbTձ4MPl+N=Vk؊k8Gj:ٙEo֜ݗ|jc19ZZǴŎI GM&7ba߾h Hﲝk&5+ۼr(( (gMfFy{H-AQ~g?y\Cg{yktZпNF?ӹ(w2K?Q?o/A5Ӆw3,n~n~} $賛A]n}"^f(2(By72c~/.32cz^F{ z!_>2 ޿x:~0~0~@  n/1>Arߧ}} dd  M%u$e!(ofY NoT8\4^JeYWa uyQ^ yVV<^`ekWx.rg g{9;[?;uzBX\jzr+^geo5v+iAư۸/6` +^捽Ie=&xE'W4<< X1rnmyУx? ߆D,+| e%HI1σ#OC/+Ogu>>^wҾl^ 졳 쓭/>gAݷfDVN)pB ;,RktAc,oʼnS ;wMm=SOnWnޣ97pL\wn :#\ԴZjRs'%׈d6#8""2`zMKVdU*.ZX,.g /(@#غwM{%}C7<8fȳRLq u+J!'\Bxk.R2dofV2 %aw8aoh;bq Y8P*`%q8H؞.F^-F$/Z\iǤK4l"Kl͜j'b,B'}ZLc7ߖk礿LxƇ ?Y>KGJLƎ$zowH_\ɡ=$>x*8]vu$$}9= zLg6ߝswQH+dס a4oX9VX#e u Mٽ0BwA=0Em,?hPxUEg0H$=Cb K,H :BVfײk kk8h3:s&zM Th4Sϛ1U#[kl"{]Jr.Q=nfUސ# b9? q/Z^y|XqE*9"[ %`7qHYUҎZ@B& J, 7AQ^+yJ>? T--Kl`B`t0T:>VA{疣;*ٹeUht2COA#t Oke[c O*OC24 ^uVulם@ d9c7 ҳ9cHPVF7ݝ֏ X| 8lO.hb }, Xs#Q%7` <[u>(NaURb0yM&n~0qGĮ2C|R4upvVRcdLwV|qgSg _((M@NEqg˫PvxGl<"^|:uG7}Q'GaȶFW{kl )Cc}R>Ek ]'ا3й?-{We{ ],{ QFbfC#q얢MnD-f@h<˜4W6QĶqytcyږ0#ŸErΗ,ɀ'jV0U&|{e75wHR#sLdS1#7@j0\|H d[\O^مu&3k^೐|,/A,TT/D4;NB}aEt$T+ .ƕyXqө8Yo>_.:[,w9ΛcRI>QvCx$~']f(FRqO\|08P|ֻ]`֍[^zVju.'+e=`o g!V0qlǝl| n!%#^&Ůvbe)