dcsimg
 
 

Microsoft: To Avoid Zero-Day Attack, Use MS Word in Safe Mode

By Ryan Naraine  |  Posted 2006-05-23 Print this article Print
 
 
 
 
 

The software maker issues a security advisory with workarounds to limit the damage from zero-day attacks against Microsoft Word users.

Use Microsoft Word in safe mode to protect against targeted zero-day attacks.

That's the advice from Microsoft's security response team to counter known attacks against a serious code execution vulnerability in the widely used word processing program.

In a pre-patch security advisory, Microsoft said the flaw can be exploited when a user opens a specially crafted Word file using a malformed object pointer.

This corrupts system memory in such a way that an attacker could execute arbitrary code.

The flaw can be exploited via the Web or via e-mail but, in both scenarios, an attacker would have to trick a user into opening the rigged Word file.

In the absence of a patch, independent security researcher Matthew Murphy has released a registry script fix that sets a Software Restriction Policy that runs any instance of 'winword.exe' with the 'Basic User' policy.

Read the full story on eWEEK.com: Microsoft: Use MS Word in Safe Mode



 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.

By submitting your information, you agree that baselinemag.com may send you Baselinemag offers via email, phone and text message, as well as email offers about other products and services that Baselinemag believes may be of interest to you. Baselinemag will process your information in accordance with the Quinstreet Privacy Policy.

Click for a full list of Newsletterssubmit