14 DAY TRIAL // On the heels of the February 2007 Microsoft monthly patch cycle, the Redmond Company has confirmed another zero-day vulnerability affecting Office 2000 and Office XP. The confirmation presents relevance because it acknowledges the fact that the vulnerabilities are actively targeted by attacks. However, Microsoft has informed that the attacks are not widespread.
"Very briefly, I wanted to let you know that we've posted a new advisory on a new Word issue. We've posted Microsoft Security Advisory (933052) that details a vulnerability that affects Word 2000 and Word 2002. We've activated our Software Security Incident Response Process (SSIRP) and we are aware of very limited, targeted attacks attempting to exploit this," stated Alexandra Huft, Microsoft Security Program Manager.
This new Word vulnerability comes in the wake of Microsoft patching an array of Critical and Important flaws across the Office suites. Microsoft's February 2007 Security bulletins address a total of 20 vulnerabilities.
"Although none of the critical flaws have been exploited, Microsoft users need to get these patches in place pronto," said Carole Theriault, senior security consultant at Sophos. "We are seeing a huge number of threats on infected web pages whose sole purpose is to exploit Microsoft vulnerabilities on innocent computers. Having anti-virus and firewalls in place is not enough - patching vulnerabilities should be near the top of the priority list."
As of yet, Microsoft has failed to deliver any additional details, as the issue is under investigation, but Huft promised that an update will be offered in due time. In order to keep safe Office 2000 and XP users should avoid opening files from untrusted or unknown sources.