Zero Day Exploit on Microsoft Word Documents
DON’T OPEN THAT WORD DOC! That’s what Microsoft is saying. Yep, you read that right. Microsoft is saying NOT to use Word! Yep… if ever there was a time to switch to OpenOffice.org, that time is NOW!
“Microsoft on Dec. 5 warned that an unpatched vulnerability in its Word software program is being used in targeted, zero-day attacks.
A security advisory from the Redmond, Wash., company said the flaw can be exploited if a user simply opens a rigged Word document. Affected software versions include Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. There are no pre-patch workarounds available. Microsoft suggests that users ‘not open or save Word files,’ even from trusted sources. ‘As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources,’ the company said. Users who have installed and are using the Office Document Open Confirmation Tool for Office 2000 will be prompted with Open, Save or Cancel before a file is opened. This offers a minor warning mechanism for Word users. The high-risk alert comes exactly one week before the company’s scheduled December Patch Tuesday, but there is no word yet from Microsoft on the timing of its fix for Word.” (Emphasis mine.)
The “fix” is simple: OpenOffice.org. Download from the link below: