Symantec researchers said they were tipped off when they realized the malware document wasn't in OLE format.
When Tuesday is patch day, Microsoft's monthly vulnerability fixing ritual, Wednesday almost certainly becomes exploit day.
So it was yesterday, when Symantec security researchers reviewed a Microsoft Word document that caused the application to crash when opened. That's because the Word file contained exploit code and other malware.
What's different about this particular exploit is that it was made on a Macintosh computer.
"We tried using various combinations of Word versions, patches, and languages, and in each case (with the exception of Office 2007), opening the document would cause Word to crash," said Orla Cox, a Symantec Security Response engineer, in a blog post. "After taking a closer look, we could see that the document contained shell code and three other pieces of malware. What was interesting about the document was that it wasn't in OLE format, meaning that it wasn't a standard Microsoft Office document. After some investigation we determined that the document had actually been created using Word for Macintosh."
Microsoft Security Bulletin MS07-060, issued on Tuesday, identifies a Word memory corruption vulnerability in Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, and Microsoft Office 2004 for Mac that could allow code to be executed by a remote attacker.
"It seems that the trend for exploiting vulnerabilities around the same time as Patch Tuesday continues," said Cox, noting that Microsoft itself had confirmed the existence of this exploit in the wild.
Ben Greenbaum, senior researcher at Symantec Security Response, said the fact that the exploit was created on a Mac wasn't really relevant and didn't demonstrate any inherent weakness in the Mac platform with regard to security. In fact, he said that using a Mac version of Microsoft Word served to limit the effectiveness of the exploit because "many installations in the field won't open the file."
As Cox explained, "The good news is that the default configuration in Microsoft Office 2007 and Office 2003, Service Pack 3, will not allow you to open some older Office file formats, including Office for Macintosh documents."
The Agile ArchiveWhen it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
2014 Analytics, BI, and Information Management SurveyITís tried for years to simplify data analytics and business intelligence efforts. Have visual analysis tools and Hadoop and NoSQL databases helped? Respondents to our 2014 InformationWeek Analytics, Business Intelligence, and Information Management Survey have a mixed outlook.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?