NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0013 HACKERS ACTIVELY EXPLOITING NEW MICROSOFT WORD FLAW:


http://www.cio-today.com/story.xhtml?story_id=49625

According to researchers at Symantec, there is a new vulnerability in Microsoft WORD that hackers have begun exploiting to allow them to take complete control of a victim’s computer.

The exploitation is called a "zero-day attack" because hackers began exploiting the vulnerability on the same day the flaw was publicly disclosed. Symantec rates the vulnerability as "extremely critical". This unpatched vulnerability follows closely on the heels of three other unpatched Microsoft WORD flaws.

Symantec calls the new threat Trojan.Mdropper.W. It relies on a specific execution vulnerability to install files onto a compromised computer.

Two other remote code execution vulnerabilities, one that was exploited in the wild by two Trojans and another that was exploited in the wild in limited targeted attacks, were also discovered in December and remain unpatched by Microsoft.

This is a continuing theme of hackers exploiting file format vulnerabilities, most especially in Microsoft Office file formats. Antivirus tools do not always work against these exploits because hackers are most likely to alter the files so that they bypass the known operating characteristics of antivirus software.

Short of blocking all WORD files, your defense options are pretty limited until a patch is issued.

While we constantly remind everyone to only open files from TRUSTED sources, this is a defense tactic that tends to have limited success, sometimes because an attachment CAN come from a spoofed source that APPEARS to be from someone you trust.



Last Modified: Saturday, 27-Jan-2007 16:11:37 EST