We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Twenty-Four Seven Security

Peter Schooff

Critical MS Word Flaw Found

Vote 0 Votes

Microsoft is looking into a vulnerability in MS Word that could allow a hacker to gain control of a PC or Mac just from opening a malicious Word file attached to an email.

According to this Microsoft advisory, so far this previously unknown flaw has only been used in limited attacks and affects Word 2000, Word 2002, Word 2003, Microsoft Word Viewer 2003, Word 2004 for Mac, Word 2004 version X for Mac, and Works 2004, 2005, and 2006.

"In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker," the advisory stated.

Microsoft may release a patch for the issue on its regularly monthly patch schedule, which would fall on December 12, or could issue an emergency update before or after that date.

Until then, and even after than, it's a good idea never to open an attachment from a sender you don't directly know. And even if you do get an attachment from someone you know, it's probably a good idea to approach attachments cautiously, and if anything about the email seems even a little bit off (I once got an email from a lawyer friend that started off with "Yo," and my friend would never say that), check with the sender directly.

Leave a comment

Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

Peter Schooff

Peter Schooff is Contributing Editor at ebizQ, and manager of the ebizQ Forum. Contact him at pschooff@techtarget.com

Recently Commented On

Monthly Archives