Microsoft hunts down targeted attacks on Word flaw - News - Security

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

Microsoft hunts down targeted attacks on Word flaw

By Martin LaMonica, ZDNet.com.au
March 25, 2008
URL: http://www.zdnet.com.au/news/security/soa/Microsoft-hunts-down-targeted-attacks-on-Word-flaw/0,130061744,339287404,00.htm

Microsoft is looking into a vulnerability that could affect Word, the company said on Monday.

Overall, Microsoft said, it believes the vulnerability's risk is limited because it requires people to take multiple steps for the hack to be successful. Microsoft said it is only aware of targeted attacks that take advantage of the flaw.

The vulnerability is in Microsoft's Jet Database engine, which can be exploited through Word. Microsoft is investigating whether other applications can also exploit the vulnerability.

According to Microsoft's security alert:

Customers running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable to the buffer overrun being attacked, as they include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue.

Customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1 are vulnerable to these attacks.

People who believe they have been attacked can go to the Microsoft Web site for support.