Volume 4, Number 7 -- February 21, 2007

Another Zero-Day Flaw Found in Word

Published: February 21, 2007

by Alex Woodie

Microsoft warned of a newly discovered security flaw in Word 2000 and Word 2002 that's being actively exploited on the Web. The vulnerability continues a recent spate of zero-day vulnerabilities in Office programs, mostly Word and Excel.

As the rest of the Windows-using world was busy last Tuesday applying a dozen patches that fixed 20 vulnerabilities across a range of products, Microsoft was getting ready to post an advisory on the newly discovered Word vulnerability. The company's TechNet Security group published Security Advisory 933052 last Wednesday to let people know it's aware of the problem and working on a fix.

"Very briefly, I wanted to let you know that we've posted a new advisory on a new Word issue," wrote Alexandra Huft on Microsoft's Security Response Center Blog. "We've activated our Software Security Incident Response Process (SSIRP) and we are aware of . . . very limited, targeted attacks attempting to exploit this."

Microsoft has been hit by a string of zero-day vulnerabilities recently. Since mid-December, at least six security flaws have been discovered in Office. Making matters worse is the fact that hackers are rolling out exploit code simultaneously with the discovery of each vulnerability, which is what makes it a zero-day vulnerability. The bad stretch has been tempered somewhat by the fact that none of the flaws has been exploited by mass-replicating vectors, such as worms or viruses. In most of the cases, users must be tricked into opening the malformed Word or Excel file to release Trojan code onto the computer.

Microsoft patched seven zero-day vulnerabilities in last Tuesday's round of patches. The new Word vulnerability is the only zero-day not currently patched, according to eEye Digital Security's Zero-Day Tracker.


Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed