There has been plenty of coverage of the latest ‘zero day’ security breach in Microsoft Word.
The security problem is a concern because it shows up a gap in all versions of Word, for Windows and Mac.
It’s being exploited by attackers now and there’s no immediate fix from Microsoft.
On the good side, there are few reports of this exploit being used.The standard precautions for any incoming Word documents will be sufficient until Microsoft releases a patch.
ZERO DAY WORD BUG
It’s being called a ‘Zero Day’ flaw which is geek-speak meaning there’s currently no patch for the security breach.
Microsoft knows about this problem but has not said when a patch for Word will be released.
It could be included in a regular monthly set of patch updates (almost certainly not the December 2006 ones) or the company might decide to release a patch earlier than that.
Yet another way has been found to use a Word document as a backdoor onto your computer.
The security breach is exploited when a hacked Word document corrupts computer memory in such a way that a program can be run, unknown to the computer user. You think you’re opening a document, in fact you’re running an unknown program as well.
That program can potentially do anything it wants, track keystrokes on your computer, forward copies of documents, emails or passwords or use the computer to send viruses or spam to other computer users.
At this stage, documents using this trick are very limited and hopefully it’ll stay that way until the patch is released.
WHO IS AFFECTED?
Pretty much anyone using Microsoft Word.
The list of affected software includes:
- Word 2000
- Word 2002 (XP)
- Word 2003
that means anyone with any version of Office 2000, Office XP or Office 2003.
The free Word Viewer 2003
after those obvious candidates the list gets a little confused. The Microsoft security bulletin (929433) has product names wrong at the time we checked before publication. For the Macintosh it says
” Word 2004 for MacWord 2004 v.X for Mac “
We think they mean Word 2004 for Mac and Word v.X for Mac – in other words the current and immediate past versions of Office for Mac.
Regarding Microsoft Works the security bulletin says:”Works 2004, 2005 and 2006 “normally these security glitches only apply to Works Suite for Windows because ‘Works Suite’ has a full copy of Word while the cheaper ‘Works’ does not.
The computer needs to be running with administrator privileges which Microsoft likes to present as a mitigating factor but the reality is that most people have those privileges in daily use.
You have to open a hacked document before it does it’s nasty thing, simply receiving a hacked document via email or other source isn’t enough.
We’re pleased to see that Microsoft has amended their advice about documents from ‘un-trusted sources’. That was silly because many viruses use ‘spoofing’ so the infected messages appear to come from someone you know.Now the company says to be wary of ‘un-trusted sources’ and documents received ‘unexpectedly from trusted sources’ which is a little better.
WHAT TO DO?
There’s reason for caution about any incoming Office documents, regardless of the latest headlines .. caution but not panic.
While Microsoft has yet to patch the underlying security hole, the anti-virus companies should be able to detect any malicious software that runs from a hacked Word document.
As always, be careful of any files you receive via email regardless of who appears to have sent them. Check incoming files with updated anti- virus software at all times.
Source: Office Watch…