Security Adviser | Roger A. Grimes » New Microsoft zero-day exploit

December 08, 2006 | Comments: (0)

New Microsoft zero-day exploit

TAGS: None

Affects all versions of MS-Word. Trojans in the wild and spreading.

A new MS-Word zero day exploit has been found. Microsoft discusses it here.

At least two trojans have been discovered connected to the exploit, so the vulnerability is in the wild. You can read about those here.

This exploit has the ability to go big, but so far MS-Office threats haven't really gone widespread in the last few years. I think this one could have more legs because it affects all versions of Word, and has no easy defense, other than don't open unexpected MS-Word files, even if you know the sender's name. You can always email the sender to confirm before opening.

It doesn't help that MS-Word file extensions can be nearly any file extension (that isn't already defined) in Windows, and MS-Word will open the file. So it can appear as one type of file, and really be a malicious MS-Word file.

12-10-06 Update:
McAfee announced a malware program that uses the MS-Word exploit vector. It is not widespread.

Posted by Roger Grimes on December 8, 2006 09:13 AM

RATE THIS ARTICLE: