Microsoft: To Avoid Zero-Day Attack, Use MS Word in Safe Mode

By Ryan Naraine  |  Posted 2006-05-23 Email Print this article Print
 
 
 
 
 
 
 

The software maker issues a security advisory with workarounds to limit the damage from zero-day attacks against Microsoft Word users.

Use Microsoft Word in safe mode to protect against targeted zero-day attacks.

That's the advice from Microsoft's security response team to counter known attacks against a serious code execution vulnerability in the widely used word processing program.

In a pre-patch security advisory, Microsoft said the flaw can be exploited when a user opens a specially crafted Word file using a malformed object pointer.

This corrupts system memory in such a way that an attacker could execute arbitrary code.

The flaw can be exploited via the Web or via e-mail but, in both scenarios, an attacker would have to trick a user into opening the rigged Word file.

In the absence of a patch, independent security researcher Matthew Murphy has released a registry script fix that sets a Software Restriction Policy that runs any instance of 'winword.exe' with the 'Basic User' policy.

Read the full story on eWEEK.com: Microsoft: Use MS Word in Safe Mode



 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters