Microsoft: Attacks Targeting Unpatched Word Flaw
Microsoft warned on Tuesday that has received reports of online criminals attacking a previously undocumented (and unpatched) security hole in various versions of its Microsoft Word application.
In an advisory, Microsoft said the problem is present in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005 and 2006.
Microsoft said it is working on a patch to fix the problem, but the earliest that users are likely to see it would be Dec. 12, the company's next regularly scheduled patch release date.
That's probably expecting too much too soon, however. So far this year, according to my tally, Microsoft has taken roughly 26 days on average to issue patches for critical Word or other Office related flaws that were being actively exploited in the wild. That data comes from another time-to-patch analysis that I'm working on that examines how quickly Microsoft responded to security flaws either reported to them directly or discovered being exploited in the wild in 2006.
In the meantime, Microsoft urged users to avoid opening or saving "Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources."
But you've already adopted that security posture, haven't you? Of course you have.
Posted by: J. Warren | December 6, 2006 5:16 PM | Report abuse
Posted by: Rich Gibbs | December 7, 2006 1:20 PM | Report abuse
Posted by: David | December 7, 2006 5:28 PM | Report abuse
Posted by: Doug | December 7, 2006 7:59 PM | Report abuse
Posted by: Bk | December 7, 2006 11:05 PM | Report abuse
Posted by: Mark Odell | December 8, 2006 2:34 PM | Report abuse
The comments to this entry are closed.