Successful attacks require users to open a malformed Word 2000 file attachment or download one from a malicious Web site.
Microsoft is digging into the fourth unpatched vulnerability in Microsoft Word in the last two months, the company security team said.
The zero-day flaw, which was first publicized Friday by Symantec , lets attackers hijack PCs running Microsoft Word 2000, and crash machines with Word 2002 or 2003. Attacks already are under way.
Microsoft's Security Response Center (MSRC) posted a warning late Friday. "We are currently investigating a report of a posting of proof of concept code which could allow an attacker to execute code on a user's machine by convincing them to open a specially-crafted Word document," Alexandra Huft of the MSRC in a blog posting. "We are aware of very limited, targeted attacks attempting to use the vulnerability reported."
Successful attacks require users to open a malformed Word 2000 file attachment, or download and open such a document from a malicious Web site, said Microsoft.
The flaw is the fourth Word flaw to go unpatched. In early-to-mid December, Microsoft acknowledged three other Word vulnerabilities. None of those bugs were patched during the December or January regularly scheduled security updates.
In the Friday warning, Microsoft promised to patch the new Word 2000 zero-day flaw but set no timetable for producing a fix.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.