Monday, May 29, 2006

Zero Day Exploit in Word

A Zero Day Exploit is a vulnerability for which there is no patch.... yet! It seems that a new security hole has been discovered in Microsoft Word and as yet there is no patch for it, although Microsoft are hoping to issue a security update for Word in June.

The malicious software arrives as a Microsoft Word file attachment to an e-mail message. When the document is opened by the user, the vulnerability is triggered. In the case that was reported by Symantec, the Word document actually displayed some text related to a treaty with China, but while the text was displayed, a backdoor was installed on the system. Backdoor software allows intruders to enter computers surreptitiously.

The vulnerability was confirmed in Word 2003, Symantec said. The malicious file caused Word 2000 to crash, but did not run the malicious payload, it added.

Microsoft is advising users to run word in 'safe mode', this should block any attacks.

Enabling "safe mode" is a two-step process. The first part involves disabling the use of Word as an e-mail client, the second is appending "/safe" to the command line that starts Word.
For an attack to be carried out, a PC user must open a malicious Word document sent in an e-mail or otherwise provided by an attacker. Aside from changing the way Word runs, people can protect their systems by being careful in the opening of Word documents received as an unexpected e-mail attachment, Microsoft said.

Microsoft's advisory contains detailed advice on suggested workarounds and can be found here.