Microsoft Confirms New Word Zero-Day Attack

There’s another Microsoft Word zero-day attack under way.

Microsoft on Sept. 5 confirmed that malicious attackers are exploiting a new, undocumented flaw in Word 2000 to load back-door Trojans on Windows machines.

The acknowledgment follows a warning from anti-virus vendor Symantec that the threat was detected in the wild targeting Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP systems.

A spokesman for Microsoft said the Redmond, Wash., vendor’s security response team has investigated the report and concluded that the attack is limited to users of Word 2000. “[We are aware of] an attack scenario that involves malware known as Win32/Wordjmp and Win32/Mofeir,” the spokesman said, adding that definition updates have been rolled out to the company’s free Windows Live OneCare safety scanner for detection and removal.

Security alerts aggregator Secunia rates the flaw as “extremely critical” and urged Word users to avoid opening Word documents from untrusted sources.

The FrSIRT vulnerability research team described the bug as a “memory corruption error” that occurs when Word 2000 handles a malformed document. “[This] could be exploited by attackers to execute arbitrary commands by tricking a user into opening a specially crafted Word document,” FrSIRT said in a published advisory.

Read the full story on eWEEK.com: Microsoft Confirms New Word Zero-Day Attack