Microsoft Issues Word Vulnerability Warning - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
3/24/2008
12:09 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
[Best Practices] Managing Multiple Clouds
Jul 26, 2017
Putting all your eggs in one cloud basket is risky, because clouds are not immune to denials of se ...Read More>>

Microsoft Issues Word Vulnerability Warning

Users of Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable.

Microsoft on Friday issued a security advisory about a software vulnerability that may affect users of Microsoft Word.

Microsoft said it was investigating reports of "very limited, targeted attacks using a vulnerability in the Microsoft Jet Database Engine that can be exploited through Microsoft Word."

The Microsoft Jet Database Engine extends data access to a variety of Microsoft and third-party applications, including Microsoft Access, Microsoft Visual Basic, and certain Information Services (IIS) applications.

Versions of the Microsoft Jet Database Engine (msjet40.dll) lower than 4.0.9505.0 are vulnerable to a buffer overrun flaw. For the attack to succeed, an attacker would have to convince a user to open a Word file, either as an attachment or hosted on a Web site, designed to load a database file that uses msjet40.dll.

Microsoft considers the risk to be "limited." It advises users of its software not to open Word documents from untrusted sources or unexpected Word documents from anyone.

A variety of security vendors have noted that targeted attacks have become more prevalent in recent years. Because they affect only a few organizations or individuals, targeted attacks tend to elicit less of a response from technology providers and law enforcement.

The vulnerability affects Microsoft customers running Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

Users of Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable.

Earlier this month, as part of its regularly scheduled Patch Tuesday, Microsoft fixed a dozen vulnerabilities in its Office suite. Eric Schultze, chief technology officer of Shavlik Technologies, said at the time that vulnerability fixes in client-side applications follow from attackers looking more closely at server-side vulnerabilities.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll