Volume 3, Number 30 -- September 6, 2006

Zero-Day Word Exploit Making the Rounds

Published: September 6, 2006

by Alex Woodie

A critical flaw in Microsoft Word 2000 is being actively exploited to enable hackers to take full control of affected Windows 2000 machines. Symantec, which first reported the flaw on Sunday, says the exploit requires users to open a maliciously crafted Word document, a route of infection that will keep the vulnerability from being exploited by a worm. Microsoft's next round of patches is due in less than a week, but will that give the vendor enough time to fix the problem?

Symantec says in its advisory that the new zero-day Word exploit is being used by an existing Trojan, called MDropper.Q. The attack first requires a user to open a maliciously crafted Word document, most likely spread via e-mail or downloaded from a Web site. The MDropper.Q Trojan then drops another Trojan, which in turn drops another file: a new variant of Backdoor.Femo, which was recently used to infect Office 2003 documents.

Danish security researcher Secunia labeled the new vulnerability as "extremely critical" in an advisory posted Tuesday. Meanwhile, the French Security Incident Response Team says in its advisory, also posted yesterday, that the flaw is the result of a memory corruption error in Word 2000.

Because documents incorporating the exploit code must be manually opened with a vulnerable copy of Microsoft Word 2000 to spread, the new vulnerability is unsuitable for the creation of self-replicating network worms, Symantec says. Just the same, the new exploit shows what a "great" platform Microsoft is for circulating malicious code, the Microsoft competitor explains.

"Microsoft Office vulnerabilities are a great platform for social engineering and e-mail-based attacks," Symantec says in its advisory. "As most of these document types are generally allowed to pass through most firewalls and security solutions, Microsoft Office documents are a good vehicle for hiding executable malicious code."

Microsoft is reportedly looking into the newly discovered vulnerability, but, as of late Tuesday, has not publicly commented on the problem. In the past, the company has kept customers up-to-date about security problems and its intended actions through advisories on its TechNet Security site and through postings to its Microsoft Security Response Center Blog.

Microsoft has another day to figure out what it's going to do. The company, which is due to release its monthly round of patches next Tuesday, will list the patches to expect on its TechNet Security site tomorrow as part of its "early advisory" program.





Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.


Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
