Microsoft Tells Word Users To Play It Safe

Alex Bard
Staff Writer
Published: 2006-05-24

In this ever-changing world in which we live in, sometimes it's comforting to know that some things never seem to change. Puppies are still cute, Paul McCartney keeps making music and Microsoft has discovered another huge security flaw in one of their most often-used applications.

Cnetnews.com reports that Symantec issued a warning that a security hole in Microsoft Word renders computer users to cyberattack.

Would-be intruders already have attempted to compromise PCs at a Japanese government entity by exploiting the flaw, Vincent Weafer, the senior director at Symantec Security Response, said in an interview. In response, Symantec has raised its ThreatCon to Level 2, which means an outbreak is expected.

Microsoft responded quickly and differently from the previous fixes they've given for their other potential security breaches. This time, they advised that they probably wouldn't have a fix until the June 13 security updates are released, or perhaps sooner, if warranted.

"What we're seeing is a continuation of the targeted threat using zero-day vulnerabilities," Weafer said. (Zero-day flaws are ones for which no patch exists.)

Microsoft advised users to run Word in the "safe mode". That won't fix the hole, "but it will help block known modes of attack," Microsoft said in a security advisory published late Monday. The software maker is also developing a security update for Word.

Using "safe mode" is a two-step process. The first part involves disabling the use of Word as an e-mail client, the second is appending "/safe" to the command line that starts Word. Microsoft provides instructions for home and enterprise users in its security advisory. (Click on "security advisory" link listed above.)

News of the Word flaw and attack surfaced last week. Word 2002 and Word 2003 are vulnerable, but Word 2000 is not, Microsoft said. For an attack to be carried out, a PC user must open a malicious Word document sent in an e-mail or otherwise provided by an attacker, it said.

Aside from changing the way Word runs, people can protect their systems by being careful in the opening of Word documents received as an unexpected e-mail attachment, Microsoft said.

Microsoft Word Security

Reference: http://www.webpronews.com/topnews/topnews/wpn-60-20060524MicrosoftTellsWordUserstoPlayItSafe.html