Microsoft Word Users Attacked by Cybercriminals

Windows is by far the most used operating system in the world, and as a direct result, it is targeted the most by cyberattacks, that take advantage of any flaw they might find. Microsoft is regularly issuing updates that patch the security liabilities, but the software company cannot keep up with the rate at which the holes are being discovered.

The latest warning issued by the Redmond-based company regards Microsoft Word, and a flaw that was discovered as being used by malware producing individuals to install their software on a target victim's computer. A MS security advisory says that users should "not open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources." The risk presented by this hole in security, however, is not believed to be major, as "current attacks require customers to take multiple steps in order to be successful." Nevertheless, the possibility of additional and refined methods of attempting to send the malicious code via this flaw lying in the Jet Database Engine, was not excluded, and the team in charge with patching it is currently studying which other services might find themselves vulnerable.

Everybody running the 2000, 2002, 2003 and 2007 versions of Word are a potential target, unless the operating system used is Microsoft Server 2003 and Microsoft Vista, which have been shipped with a newer version of the Jet Database Engine. Any version of Msjet40.dll that is lower than 4.0.9505.0 will make an excellent target for Cybercriminals, and an emergency patch might be rolled out in order to plug it, ahead of the next security updates, expected on the 8th of April.

Should an attack be successful, the same user rights as the local user will be granted to the one conducting the process, but it will only impact heavily on those having administrator rights on the computer, while the accounts configured to have fewer user rights will be less affected.