|
ALARM Group ALERT - click for a description of ALARM, The Computing Alert System
Alert Number: 090606-01
Alert Date: 9/6/06
Alert Title: Microsoft releases security advisory for Word vulnerability
Update-to: None
OS/Platform/Application: Microsoft Word 2000
Attention: Windows System Administrators, Desktop Support Personnel, Word 2000 users |
Summary: On September 6 2006 Microsoft released security advisory 925059 in response to a vulnerability in its Word 2000 product. At the time of this writing (15:20 9/6/06) no patch has yet been made available by the vendor and several Internet security-related agencies are reporting the active public, circulation of malicious exploit code for the vulnerability. The vulnerability is specific to the opening of specifically-crafted word documents and so it requires an end-user to manually open such a document; common vectors of exploit include email attachments, files hosted on websites, etc.
Recommended Actions: Microsoft is currently developing a security update that will address this vulnerability. In the meantime, security advisory 925059 provides a workaround and some basic advice on how to minimize the risk of exploit, such as not opening documents from unknown or untrusted resources. System administrators, support personnel, and end-users of Word 2000 are encouraged to read security advisory 925059 at their earliest convenience and (where appropriate) follow the recommendations to reduce their vulnerability profile.
ITS Actions: No additional specific actions are being taken to address this vulnerability at the present time. An update will be issued if any new actions are taken.
Resources:
Microsoft Security Advisory 925059:
http://www.microsoft.com/technet/security/advisory/925059.mspx
FrSirt Article on vulnerability:
http://www.frsirt.com/english/advisories/2006/3448
