Details
A zero-day flaw surfaced in Microsoft Word last week that's currently under attack. In response, Microsoft released Security Advisory 929433, detailing the new remote code execution threat that affects most versions: Word 2000, Word 2002, Word 2003, Word Viewer 2003, Word 2004 for Mac, Word 2004 v. X for Mac, Microsoft Works 2004, Microsoft Works 2005, and Microsoft Works 2006. Secunia has released its own advisory for the threat—http://secunia.com/advisories/23232.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5994
An attacker could rig a Word file in such a way that he would gain complete control over a vulnerable PC when the file is opened, Microsoft said in its advisory.
An attacker could exploit the flaw by hosting a Web site with a malicious Word file or by sending an e-mail with the file as an attachment. In all cases, the target would have to open the file to be compromised, Microsoft said.
Security experts have said the limited-scale attacks are the most dangerous.
Widespread worms, viruses or Trojan horses sent to millions of mailboxes are typically not a grave concern, since they can be blocked. Instead, especially for businesses, targeted Trojan horses have become nightmares, as they can fly under the radar.
In the meantime, Microsoft's only advice is to avoid opening Word documents from untrusted sources. My advice is to change your organization's default file format from .doc to .rtf. While not enough details are available about the current threat to be certain that this change will block attacks, this approach has been effective in protecting against earlier Word file attacks.
Although it may not work against this memory corruption exploit, the .rtf format doesn't store the dangerous macros often embedded in .doc files, even though it retains many of the most popular and most-used features. In fact, I typically insist on the .rtf format from any strangers.
Final word
Just say NO to .doc files. Give some real consideration to whether the marginal advantages of using the .doc file format are really worth the risk of exposing your organization to new Word malware every few months.
At the minimum, require all files sent from outside the local network to be in .rtf format. And when there's an active, unpatched threat such as the current one, I wouldn't hesitate to require .txt file attachments from strangers. If a complete stranger can't figure out how to do that, I probably don't need to read what he or she has to say anyway.
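A rule based on the extension only helps if the mail gateway also checks what the bytes are, since the sender chooses the file name. The following is an added example (not part of the original column) of such a check in Python; the function names, the policy table and the sample attachments are constructed for illustration, and plain text is assumed to arrive as ASCII/UTF-8.

```python
import os

# Leading bytes of an OLE2 compound file, the container used by binary .doc files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# An RTF document opens with this control group.
RTF_MAGIC = b"{\\rtf"
# Policy from the article: outside senders may send .rtf, or .txt during an active threat.
ALLOWED = {".rtf": "rtf", ".txt": "text"}


def sniff_format(data: bytes) -> str:
    """Classify attachment content by its bytes, ignoring the file name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if b"\x00" not in data:
        try:
            data.decode("utf-8")  # assumption: plain text arrives as ASCII/UTF-8
            return "text"
        except UnicodeDecodeError:
            pass
    return "unknown"


def check_attachment(filename: str, data: bytes) -> tuple:
    """Return (verdict, reason) for one external attachment."""
    ext = os.path.splitext(filename)[1].lower()
    expected = ALLOWED.get(ext)
    actual = sniff_format(data)
    if expected is None:
        return "block", f"extension {ext or '(none)'} is not allowed from outside senders"
    if actual != expected:
        return "block", f"named {ext} but content looks like {actual}"
    return "allow", f"{actual} content matches {ext}"


if __name__ == "__main__":
    # Constructed sample attachments, not real files.
    samples = [
        ("report.rtf", b"{\\rtf1\\ansi Quarterly numbers}"),
        ("report.rtf", OLE2_MAGIC + b"\x00" * 24),  # binary Word file renamed to .rtf
        ("notes.txt", b"plain text body\n"),
        ("report.doc", OLE2_MAGIC + b"\x00" * 24),
    ]
    for name, body in samples:
        print(name, *check_attachment(name, body))
```

The second sample is the case the extension rule misses on its own: a binary Word file that has simply been renamed to .rtf.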
IT Locksmith
