Microsoft officials once again are battling reports of attacks on their software.
The company is now investigating reports of targeted attacks being launched against Microsoft Office Word 2002 Service Pack 3.
This is the second advisory of zero-day attacks against Microsoft products this week. On July 7, the company warned of hackers targeting a vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Office Access.
This time the attacks, announced July 8, are exploiting a vulnerability in MS Office Word SP 3. The flaw can be exploited if a user opens a malicious Microsoft Word file with malformed data. The specially crafted file corrupts system memory and enables the attacker to execute code remotely, according to Microsoft.
Word 2002 SP 3 is the only version susceptible to the issue. However, Microsoft Office Word 2000 may crash if the type of malicious .doc file used in the attack is opened, the company warned.
As a workaround, the company advises users to utilize Microsoft Office Word 2003 Viewer or Microsoft Office Word 2003 Viewer Service Pack 3 to open and view Microsoft Word files. The company also urges users not to open or save Word document files coming from untrusted sources.
“Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers,” Microsoft Security Response Communications Manager Bill Sisk wrote in a blog post. “We will continue to monitor the situation and post updates to the advisory and the [Microsoft Security Response Center] blog as we become aware of any important new information.”
