two
Volume 3, Number 18 -- May 24, 2006

Zero-Day Word Exploit Attacks from Asia Reported

Published: May 24, 2006

by Alex Woodie

A newly discovered security vulnerability in Microsoft Word is being exploited by attacks utilizing e-mail attachments to deliver a payload that could allow attackers to take control of the victims' computers, the SANS Internet Storm Center reported last week. Microsoft says it is working to fix the exploit, and will issue a patch on the next regularly scheduled patch release day, June 13, if not sooner.

SANS ICS reports that the zero-exploit appears to have originated in China or Taiwan, and that the payload has rootkit-like powers to cover its tracks, eludes antivirus detection, and can give the attacker total control over the affected system. However, the e-mail attacks utilizing this exploit are very targeted at this point, and are not widespread.

Few people have been sent infected Word attachments. However, Office users should be on their toes in case such attacks increase in frequency over the next three weeks before a patch is made available.

The new Word exploit is only being sent to those on the attackers target list, and it requires a user to open an infected message, which will somewhat lessen its ability to infect. However, because the e-mails are spoofed to appear to come from trusted sources within the victim's own company or organization, users may be tricked into opening them.

The zero-day exploit was the subject of a Microsoft security advisory published Sunday: See Microsoft Security Advisory 919637.

Sponsored By
WOLF COMPUTER CONSULTING

Reliable service and affordable rates for all
of your business computing needs.

                                             * Network Design/Installation/Support
                                             * Network Printing/Digital Print Migration
                                             * Upgrades and Troubleshooting
                                             * Training
                                             * Graphic Design
                                             * Virus Removal
                                             * Consulting

Wolf is a Microsoft Certified Systems Engineer and
Microsoft Certified Systems Administrator.

Contact Wolf
Email: info@wolfconsult.net
Fax: 973-293-0100
Phone: 914-443-5534
Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

Micro Focus:  Develop, extend and deploy applications with Server Express and Enterprise Server
OpenLogic:  Install, integrate, test, manage, and learn over 120 open source projects with BlueGlue
COMMON:  Join us at the Fall 2006 conference, September 17-21, in Miami Beach, Florida

 
THIS ISSUE SPONSORED BY:

Vision Solutions
World Data Products
MKS
Lakeview Technology
Wolf Computer Consulting



TABLE OF CONTENTS
Microsoft Unveils "Viridian" Hypervisor, Extends Virtualization Roadmap

Server Makers Dabble in Dempsey Xeons, Wait on Woodcrest

Dell Says Uncle, Readies Opteron-Based PowerEdge Servers

SAP Focuses on Web Services, SOA with mySAP ERP 2005

But Wait, There's More:

Microsoft Ships New Betas of 'Big 3' Products at WinHEC . . . Symantec Accuses Microsoft of Stealing Virtualization Technology . . . Zero-Day Word Exploit Attacks from Asia Reported . . . Microsoft Ships TCP Chimney Technology as 'Scalable Networking Pack' . . . HP Boasts of 50,000 SAP Installations, Solaris 10 on X64 Gets SAP Support . . . IBM Researchers Push Tape Densities in the Lab . . .

The Windows Observer

BACK ISSUES

The Four Hundred
Sun Microsystems Begins Taking Java Open Source

Next Up on the System i: Native .NET

Business Continuity Planning: Are OS/400 Shops Ready for Disaster?

Mad Dog 21/21: Patent Depending

The Linux Beacon
Dell Says Uncle, Readies Opteron-Based PowerEdge Servers

Sun Microsystems Begins Taking Java Open Source

IBM Buys Rembo for Bare-Metal Server and Desktop Provisioning

HP's Revenues Up 5 Percent in Q2, Profits Jump 51 Percent

Big Iron
CA Updates Database Tools, Encrypts Mainframe Tapes

Top Mainframe Stories and Vendor Announcements

Chats, Webinars, Seminars, Shows, and Other Happenings

The Unix Guardian
Sun Merges Server Units, Taps Key Exec for Storage

HP's Revenues Up 5 Percent in Q2, Profits Jump 51 Percent

Infor to Buy SSA Global for $1.36 Billion

ERP Software: Its Effect on Human Performance and Impact on Productivity


 
Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement