Microsoft offers workaround for Word flaw

Bill Brenner, Senior News Writer
Microsoft confirmed Tuesday that a previously unknown flaw in its Word application is being actively exploited. To blunt the threat, the vendor suggested customers only use Word in safe mode.

"Microsoft is investigating new public reports of limited 'zero-day' attacks using a vulnerability in Microsoft Word XP and Microsoft Word 2003," the company said in an advisory published this week. "In order for this attack to be carried out, a user must first open a malicious Word document attached to an email or otherwise provided to them by an attacker."

The advisory tells customers how to run the flawed Word 2002 and Word 2003 programs in safe mode. Microsoft also listed the following guidelines for using Office documents in safe mode:

  • Don't open Word files that are embedded in other applications, such as Excel, PowerPoint or others.
  • Even after the workarounds are applied, refrain from opening Word files directly from any mail clients (Outlook or Hotmail, for example) by double-clicking them. Users should save Word documents to a disk or on the desktop and use the "Word Safe Mode" shortcut.
  • Don't open .doc files from a Web site through Internet Explorer or any other browser.
  • If customers don't see "safe mode" in the Word title bar, they are not running Word in safe mode.
  • Customers should use Word Viewer 2003 to open and view files. The free Word Viewer 2003 does not contain the vulnerable code and is not susceptible to the current exploit.

Targeted exploit code that takes advantage of Microsoft Word to open a backdoor for attackers was first reported in the wild late last week.

Cupertino, Calif.-based antivirus giant Symantec Corp. raised its ThreatCon level from 1 to 2 (on a scale of 4) as a result of the exploit, currently known as Trojan.Mdropper.H.

Symantec said the zero-day exploit arrives as a Word document attached to an email. The document appears to be of Japanese origin and includes text summarizing a recent U.S.-Asian political summit.

The document's OLE structure is a dropper program called Backdoor.Ginwui. Once a victim opens the document, that program creates a backdoor for attackers to exploit the system using a previously unknown vulnerability.

The software giant said it is completing a security bulletin for Word to address the vulnerability. "The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the June security updates on June 13, 2006, or sooner as warranted," Microsoft said.

This article originally appeared on SearchSecurity.com.