Security Alerts: Careful with the Docs!
Announced by Microsoft on December 5, 2006: "Microsoft is investigating a new report of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker."
Well, of course we all know not to open unexpected attachments - but we're mostly tuned in to executables, and not quite so careful with .doc attachments.
What happens in this attack is that the user opens a "specially crafted Word file" that contains "a malformed string" which may "corrupt system memory in such a way that an attacker could execute arbitrary code." (In other words, run malware on your system.)
The attacks can be perpetrated either via email - the expected route - or via website that contain an infected Word file. Consequently, you might be innocently surfing around, choose the wrong link to try out, and become infected.
What can help? Run a firewall, keep your anti-virus software current, don't visit suspicious sites, don't open unrequested email attachments (if it appears to come from a friend, send a separate email confirming with them that the attachment was intended). And finally, if you feel you have been compromised, contact Microsoft Product Support Services at 1-866-PCSAFETY.
Announced by Microsoft on December 5, 2006: "Microsoft is investigating a new report of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker."
Well, of course we all know not to open unexpected attachments - but we're mostly tuned in to executables, and not quite so careful with .doc attachments.
What happens in this attack is that the user opens a "specially crafted Word file" that contains "a malformed string" which may "corrupt system memory in such a way that an attacker could execute arbitrary code." (In other words, run malware on your system.)
The attacks can be perpetrated either via email - the expected route - or via website that contain an infected Word file. Consequently, you might be innocently surfing around, choose the wrong link to try out, and become infected.
What can help? Run a firewall, keep your anti-virus software current, don't visit suspicious sites, don't open unrequested email attachments (if it appears to come from a friend, send a separate email confirming with them that the attachment was intended). And finally, if you feel you have been compromised, contact Microsoft Product Support Services at 1-866-PCSAFETY.
Comments