Hackers have painted a bulls eye on Microsoft Word and Office programs yet again, and this time they seem to have hit their mark.
The company issued a warning Wednesday stating there had been limited, targeted zero-day attacks exploiting a vulnerability that could allow code to be remotely inserted into a computer. The announcement came 24 hours after Microsoft released patches for 20 other flaws in its products, including six for Word.
The attack targets Office 2000 and Office XP. According to Microsoft, a user must first open a malicious Office file sent by an attacker via e-mail or some other method for the attack to launch. The company urged users to be cautious when opening unsolicited attachments, and has added detection capabilities to the Windows Live OneCare safety scanner to thwart the attacks.
David Cole, director of security response at Symantec, said attackers are not making life easy for Microsoft by attacking the day after “Patch Tuesday”–the second Tuesday of the month. He said it hasnt been until the past year that Word and Office applications have received high levels of scrutiny from hackers.
“What the attackers are looking for is anything they can get people to open,” he said.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.