Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Word Zero-Day, So Sayeth Microsoft SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Word Zero-Day, So Sayeth Microsoft
Microsoft released an announcement of a zero-day vulnerability in Microsoft Word.   Read about it here.

Of particular interest, they say:

"Microsoft is investigating new public reports of limited 'zero-day' attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.  In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker."

Microsoft's advice?  They say, "Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file."

Ok... sure.  Thanks.

--Ed Skoudis

57 Posts
Dec 5th 2006

Sign Up for Free or Log In to start participating in the conversation!