*UNPATCHED* vulnerability affects MS Word, Access
ALARM Group ALERT (ALARM, The Computing Alert System)
Alert Number: 032408-01
Alert Date: 03/24/08
Alert Title: *UNPATCHED* vulnerability affects MS Word, Access
Update-to: None.
OS/Platform/Application:
    Microsoft Word 2007 (including Service Pack 1) on Windows XP, Windows Server 2003 Service Pack 1, and Microsoft Windows 2000
    Microsoft Word 2003 (Service Packs 2 and 3)
    Microsoft Word 2002 Service Pack 3
    Microsoft Word 2000 Service Pack 3
    Microsoft Access**
Category: ALERT
Severity: HIGH
Attention: MS Word and Access Users, Windows System Administrators, Desktop Support Personnel
Summary: On March 21, 2008, Microsoft published a security advisory (950627) that details a vulnerability in its Jet Database Engine. Microsoft Word uses the Jet Database Engine, so the vulnerability can be exploited through MS Word when users open or save maliciously crafted MS Word documents.
Not all versions of the Jet Database Engine are vulnerable, so not all versions of Microsoft Word are vulnerable. MS Word on Windows Vista (including Service Pack 1) and on Windows Server 2003 (Service Pack 2 only) is not vulnerable. All other versions of Word on Windows systems are presumed vulnerable.
At the time of this writing (9:34 AM 3/24/08), Microsoft states that attacks related to this vulnerability are of a "very limited, targeted" nature, and it has yet to release a patch to address this issue. Successful exploitation of this vulnerability could result in a variety of negative outcomes ranging from program crash to complete takeover of a vulnerable computer. In light of these possibilities, the vulnerability is being listed as "highly critical" by various Internet security resources.
**NOTE: At least one Internet Security resource is reporting that the Jet Database Engine Vulnerability can also affect .mdb files that are handled by MS Access.
Recommended Actions: Microsoft may release a patch for this vulnerability ahead of its monthly cycle of security updates. If a patch is released for this vulnerability, ALARM will send notice of its availability. In the meantime, MS Word and Access users are encouraged to use caution when opening MS Word and Access documents from familiar sources and, if possible, completely avoid opening such documents from unknown/untrusted senders. See the security advisory and associated information (links provided below) for more information.
Readers are encouraged to share this alert with family, friends, and associates who may use MS Word and/or Access on their home PCs.
ITS Actions: N/A
Resources:
Microsoft Security Advisory 950627: http://www.microsoft.com/technet/security/advisory/950627.mspx
Microsoft Security Response Center Blog entry on vulnerability: http://blogs.technet.com/msrc/archive/2008/03/21/msrc-blog-microsoft-security-advisory-950627.aspx
SANS Security Advisory: http://isc.sans.org/diary.html?storyid=4183
Secunia Advisory: http://secunia.com/advisories/14896/
Network World Article: http://www.networkworld.com/news/2008/032208-microsoft-warns-of-new-word.html