Microsoft warns of attacks on Word hole
Shortly after Symantec reported the discovery of a trojan called Mdropper.W, Microsoft confirmed that the trojan can penetrate systems through a hole in Word. In security advisory 932114, Microsoft adds, however, that only the outdated Word 2000 for Windows is vulnerable. More recent versions and Word for Mac OS are reportedly not affected. Furthermore, Microsoft says that attacks are quite rare.
There is currently no patch or workaround. Microsoft has not announced whether one would be released next Patch Tuesday or ahead of time, merely stating that one was being worked on. The list of outstanding patches for Microsoft software should thus only be a bit longer for a short time.
Aside from Symantec and Microsoft as part of Windows Live OneCare, the scanners of AntiVir, BitDefender, F-Secure, Kaspersky and Trend Micro have now been equipped with signatures that detect the infected Word document being circulated.
Security experts have reported that a slightly changed version of the contaminated document is in circulation; while AntiVir, BitDefender, F-Secure, Kaspersky and Trend Micro can reportedly detect it, the scanners of Symantec and OneCare apparently cannot.