New Attack on MS Word

This post was written by admin on March 29, 2008
Posted Under: Exploits,Free PC Security,Microsoft

Hackers may be exploiting an unpatched hole to plant malicious code in Word docs and any system that opens them.

Be extra careful when opening documents in Windows, especially if they are Word files.

Microsoft have warned that cyber criminals may be taking advantage of an unpatched flaw in the Windows operating system to install malicious software on a victim's PC.

The reported attack, now being investigated by Microsoft, involves a malicious Word document, but there may also be other ways of exploiting the flaw.

Do not open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.

The flaw lies in the Jet Database Engine that is used by a number of products including MS Access.

Microsoft is investigating whether other programs may also be exploited in this type of attack.

This kind of unpatched, "zero day" attack is always cause for concern.

Following its usual policy, Microsoft didn't say when, or if it planned to patch the bug.

In a statement sent to the press, the company did not rule out the possibility of an emergency patch being released ahead of its next set of security updates, which are expected on April 8.

Users of many versions of Word, including Word 2007, 2003, 2002 and 2000 are at risk, unless they are running Windows Vista or Windows Server 2003, Service Pack 2.

Those two operating systems include a newer version of the Jet Database Engine that does not have the bug.

For technically savvy users this means that PCs with a version of the Msjet40.dll that is lower than 4.0.9505.0 are vulnerable.

There have been other reports of attacks targeting this database software.

In December, the United States Computer Emergency Readiness Team warned that attackers were sending out malicious MS Access Database (.mdb) files in a similar type of attack.

Security experts assumed that this exploit could have been based on a publicly reported flaw in the Jet Database Engine.

AddThis Social Bookmark Button

Surf Safer, Surf with WOT - Click Here or the links below

Internet ExplorerWeb of Trust for Internet Explorer

FirefoxWeb of Trust for Firefox

Google ChromeWeb of Trust for Google Chrome

OperaWeb of Trust for Opera

  This content has been Digiproved © 2010

Add a Comment

required, use real name
required, will not be published
optional, your blog address

IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)

What is 8 + 7 ?
Please leave these two fields as-is:
CommentLuv Enabled
Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 3,765 bad guys.

Next Post:
Previous Post:
Get Adobe Flash playerPlugin by wpburn.com wordpress themes