Wednesday, December 06, 2006

Problematic Zero-day Vulnerability in Microsoft Word!

Microsoft has just released a security advisory (929433) about a new zero-day vulnerability found in a bunch of versions of Word and also Works: Word 2000, Word 2002, Word 2003,Word Viewer 2003, Word 2004 for Mac, Word 2004 v. X for Mac, Works 2004, Works 2005, Works 2006
So far the use of this vulnerability is limited and the AV industry is monitoring the situation. Let's just hope Microsoft can get this fixed in time for the next batch of monthly patches which is on the 12th of December. In the meanwhile, you could follow this useful workaround suggested by Microsoft: Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. Interesting suggestion isn't it? That's what I call a bad 'Sinterklaas' gift. I hope the Holy Man will give us something better next time!