Post-Patch Tuesday attacks target upgraded Microsoft Word flaw

Microsoft released an advisory Wednesday of exploits actively targeting a zero-day vulnerability in Word.

The attacks are the latest example of the "Exploit Wednesday" trend - attackers releasing malware the day after Microsoft’s monthly Patch Tuesday fix release.

The vulnerability was first disclosed last Friday as a flaw that could only be used for DoS attacks, but researchers now believe it can be used to execute arbitrary code.

The Redmond, Wash.-based corporation is aware of "limited, targeted attacks" against Word using a flaw in Word 2000 and Office XP, according to Microsoft’s advisory.

In order for an attack to be carried out, a user must open a malicious Office file attached to an email or posted on a website, according to a Microsoft spokesman.

The vulnerability exists in Office versions 2000 and XP and Word versions 2000 and 2002, according to Secunia, which ranked the flaw as "extremely critical," meaning it can be exploited for remote access and exploits are in the wild.

The flaw is caused due to an unspecified error in the parsing of Word documents, according to the Danish vulnerability clearinghouse.

US-CERT advised Office users to disable automatic opening of Microsoft Office documents, not rely on file name extension filtering and exercise caution opening Word documents.

Craig Schmugar, McAfee Avert Labs research manager, first revealed the flaw on Avert's blog last Friday, according to US-CERT.

The other outstanding Word exploit, some dating back to early December, were patched in Tuesday's security update.

Sign up to our newsletters