Welcome to the SecAware blog

I spy with my beady eye ...

10 Dec 2006

You've got infected mail!

Attackers are actively exploiting an MS Word zero-day vulnerability by tricking users into opening malicious Word files using a form of social engineering. Infected files may arrive as email attachments from people you know and trust, as well as from those you’ve never heard of. It’s not yet clear whether Microsoft will release a patch on Tuesday: if not the fix may slip to January unless M$ releases an interim emergency patch. It all depends on the quality of their coding and the speed of their QA and release processes. Meanwhile take extra care with email attachments, even from friends and colleagues, and make sure your antivirus software is bang up to date. We'll be releasing an updated malware module early in the new year and a new module on application security shortly afterwards: don't let your organization become a statistic or case study!
More social engineering, incident management, bugs!, secure software development and malware links

1 comment:

  1. Gary

    Microsoft has confirmed that a new 0 day vulnerability has been discovered in their Microsoft Word product. The Microsoft Word vulnerability discovered last week which Microsoft announced will not be patched in this month’s release of patches. Both of these vulnerabilities are being actively exploited at the moment in attacks targeting specific organisations.

    The SecurityTeam Blog has a pretty comprehensive FAQ (http://blogs.securiteam.com/?p=759) on these issues.

    And if that was not enough to keep you awake at night, the folks at eEye Security have launched their Zero Day Tracker (http://research.eeye.com/html/alerts/zeroday/index.html) which lists current 0 day vulnerabilities by order of days of exposure.