New open security hole in Word
An entry on Microsoft's security blog reports that the company is currently investigating an additional security hole in the Office program Word. The hole could potentially be used by cybercrooks to plant and execute malicious code on vulnerable computers. The Redmond crew emphasises that the hole can only be targeted and exploited within certain limits.
This means that two of what are known as Zero Day holes have been open since last week, with no patches released as yet. The software giant is unlikely to release patches for the holes in the December edition of Patch Tuesday (due tomorrow). Microsoft's advance announcement for the event did not mention any Office updates.
The two Zero Day vulnerabilities affect Word 2000, 2002, 2003 and Word Viewer 2003; Word 2007 alone is unaffected by manipulated documents of this kind. Affected users should use Microsoft Office 2007 or an alternative Office program from another manufacturer until an update becomes available. Documents from questionable websites or unexpected Word documents from known sources, for example, are best processed using OpenOffice for now.
- New Report of A Word Zero Day, security advisory from Microsoft