Microsoft confirms security hole in Word 2000
Microsoft has issued a security advisory of its own regarding the security hole in Word 2000 that was made public last Monday. In this advisory the company confirms the security hole and makes suggestions about how to avoid dangers presented by specially prepared Word documents.
Microsoft's security experts are still in the process of examining the vulnerability, the advisory claims. They are also developing a patch, although the advisory does not name a release date. It is therefore somewhat unlikely that the company will have the security hole closed in time for September's Patch Tuesday next week.
Microsoft recommends that users not open or save Word documents from unknown sources, or even unexpected files from known sources. The Word Viewer 2003 appears to be immune to an attack, and so the company recommends opening documents using that software until an update is released.
- Vulnerability in Word Could Allow Remote Code Execution, Security advisory from Microsoft
- Microsoft Word 0-day Vulnerability FAQ, Frequently Asked Questions on the Zero Day vulnerability by Juha-Matti Laurio