Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

May 20, 2006

MS Word zero day exploit in the wild

Alerts are circulating about a zero-day attack exploiting a buffer overflow vulnerability in Word XP and Word 2003 (not the free Word document reader, nor Word 2000). The attack seen to date appears to have been targeted against a specific organization, dropping a "Trojan with rootkit features" (i.e. it conceals its presence). As usual in these circumstances, the initial information is somewhat vague, mostly third-hand reports, but when SANS ISC and various antivirus vendors pipe up, there's enough smoke to indicate a probable fire. Microsoft's security team confirmed through a blog entry that they are on the case, with a patch anticipated on Patch Tuesday in June.

Meanwhile, our advice for now would be to avoid opening Word documents attached to emails unless the sender is known to you and the content was expected. Also, for good measure, avoid opening Word documents downloaded from dubious websites - not a bad idea in itself.