Legacy Microsoft Word exploit on the loose

Microsoft patched several vulnerabilities in its currently supported operating systems and Office suit but a new exploit is circling around older, but still supported, versions of Word.

Security vendor Symantec noticed a vulnerability crop up on Wednesday, just one day after the patches were released, that can crash every single version of Word except the newest version, Word 2007.  The vulnerability comes in the form of a Word document and includes shell code with three pieces of malware attached to it.

ComputerWorld says it was also discovered that the document had been created using the version of Word that is included with Office for Mac 2004.

The patches that Microsoft released were supposed to correct this very same vulnerability and while not exactly the same, a new hole in the patches were found and exploited.

A spokesperson for Symantec said, “Taking a closer look at that vulnerability, we confirmed that this document was in fact exploiting the same vulnerability.”

Before you ask, Office 2004 for Mac is also affected, updates for all version of Microsoft Word/Office are available through Microsoft Update or Office Update.  The Mac Edition of the patch is available right here.

• 

• Security headaches for Excel users as Microsoft warns of zero-day attack
• Adobe buys Buzzword online word processor to compete with Microsoft, Google
• Microsoft no-security-patch statement gives cybercrooks more time
• Beware: Zero-day follows Patch Tuesday
• Microsoft will fix DNS vulnerability on Patch Tuesday