Published: 2008-07-09
Microsoft warned late Tuesday that the company had begun investigating "limited" attacks that appear to be exploiting a flaw in a single version of the company's Word document processing program.
The attacks target a vulnerability in Microsoft Office Word 2002 Service Pack 3. Word 2000 does not appear to be vulnerable, but a specially crafted .doc file used in the attack could crash the earlier version of the program, Microsoft stated in an advisory.
"At this time, we are aware of limited, targeted attacks attempting to use the reported vulnerability, but we will continue to track this issue," Bill Sisk, security program manager for Microsoft, said in a blog post.
Exploiting vulnerabilities in Microsoft Office has become a favored method of attackers aiming to compromise specific computers. Such targeted attacks have increasingly become a threat to companies and government agencies, since computer-emergency response organizations flagged the attacks in 2005.The advisory warning about the issue came hours after Microsoft released its regularly scheduled patches on Tuesday. The four fixes remedied a total of nine issues, including a widespread flaw in the domain-name system (DNS) software.
The only workaround that Microsoft currently recommends is for users to open .doc files with Microsoft Office Word 2003 Viewer or Microsoft Office Word 2003 Viewer Service Pack 3. Versions of Microsoft's Word program more recent than 2002 appear not to be affected by the attacks.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos
