Third unpatched vuln menaces Word
No end to the madness in sight
Posted in Security, 15th December 2006 16:04 GMT
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
Hackers have released an exploit targeting a third unpatched vulnerability in Microsoft Word. The flaw is different from the two previous Word vulnerabilities reported earlier this month, US CERT helpfully explains.
This time around we're dealing with a memory corruption flaw that might be exploited providing users are tricked into opening a malformed Word document to either crash - or load malware onto - vulnerable PCs running Word. Attack code was available at Milw0rm.com, so the potential for mischief is high.
Pending a patch for Microsoft against the trio of unpatched bugs currently at large, US-CERT recommends users to avoid untrusted Word documents or attachments from unsolicited email messages and to use updated anti-virus packages as a way of mitigating the risk of attack. In an echo of Microsoft's advice when the first of these security bugs came out little over a week ago (on December 6) the security clearing house further advises punters not to open unfamiliar or unexpected email attachments, even if sent by a trusted source. ®
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server


Airport insecurity: the case of lost laptops
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Extended Validation SSL Certificates
Feds: Hospital hacker's 'massive' DDoS averted
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive