Overclock.net › Forums › Industry News › Software News › [PcWorld] MS Word Vulnerability
New Posts  All Forums:Forum Nav:

[PcWorld] MS Word Vulnerability

post #1 of 11
Thread Starter 
Quote:
Microsoft Warns of New Attack on Word
Hackers may be exploiting an unpatched hole to plant malicious code in Word docs and any system that opens them.


Be extra careful when opening documents in Windows, especially if they are Word files.

Microsoft on Friday warned that cyber criminals may be taking advantage of an unpatched flaw in the Windows operating system to install malicious software on a victim's PC.

The reported attack, now under investigation by Microsoft, involves a malicious Word document, but there may be other ways of exploiting the flaw, Microsoft said.

"Do not open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources," Microsoft said in a security advisory posted to its Web site late in the day.
Other Apps May be Vulnerable

The flaw lies in the Jet Database Engine that is used by a number of products including Microsoft Access. Microsoft is investigating whether other programs may also be exploited in this type of attack.

Although this kind of unpatched, "zero day" attack is always cause for concern, Microsoft downplayed the risk.

"At this time, we are aware only of targeted attacks that attempt to use this vulnerability," the company said. "Current attacks require customers to take multiple steps in order to be successful; we believe the risk to be limited."

Following its usual policy, Microsoft didn't say when -- or if -- it planned to patch the bug. But in a statement sent to the press, the company did not rule out the possibility of an emergency patch, released ahead of its next set of security updates, which are expected on April 8.

Users of many versions of Word, including Word 2007, 2003, 2002 and 2000 are at risk, unless they are running Windows Vista or Windows Server 2003, Service Pack 2. Those two operating systems include a newer version of the Jet Database Engine that does not have the bug, Microsoft said.

For the technically savvy: this means that PCs with a version of the Msjet40.dll that is lower than 4.0.9505.0 are vulnerable.

There have been other reports of attacks targeting this database software recently. In December, the US-CERT (United States Computer Emergency Readiness Team) warned that attackers were sending out malicious Microsoft Access Database (.mdb) files in a similar type of attack. Security experts speculated that this exploit could have been based on a publicly reported flaw in the Jet Database Engine.
Source
Original Thread @ Vr-Zone
The Kandalf
(16 items)
 
  
CPUMotherboardGraphicsGraphics
I7 5820K MSI X99S Gaming 7 ASUS R9 280X TOP Crossfire X ASUS R9 280X TOP Crossfire X 
RAMHard DriveOptical DriveOS
Crucial DDR4 2133MHz 8GB (2x4GB) Samsung SpinPoint F1 1TB HP DVD630 Ubuntu 
MonitorKeyboardPowerCase
2x Philips Brilliance 220CW Microsoft Wireless Desktop Elite Keyboard Fractal Design Newton R3, 800W 80+ Platinum Corsair 900D 
MouseMouse PadAudioAudio
Mionix Naos 8200 Razer Pro Solutions Arcam rDAC B&W CM1 
  hide details  
Reply
The Kandalf
(16 items)
 
  
CPUMotherboardGraphicsGraphics
I7 5820K MSI X99S Gaming 7 ASUS R9 280X TOP Crossfire X ASUS R9 280X TOP Crossfire X 
RAMHard DriveOptical DriveOS
Crucial DDR4 2133MHz 8GB (2x4GB) Samsung SpinPoint F1 1TB HP DVD630 Ubuntu 
MonitorKeyboardPowerCase
2x Philips Brilliance 220CW Microsoft Wireless Desktop Elite Keyboard Fractal Design Newton R3, 800W 80+ Platinum Corsair 900D 
MouseMouse PadAudioAudio
Mionix Naos 8200 Razer Pro Solutions Arcam rDAC B&W CM1 
  hide details  
Reply
post #2 of 11
Also for the tech savvy(which i hope is just about everyone here!), windows server 2003 = XP 64bit, just checked mine and i got the current version so im good with XP 64bit SP2!
post #3 of 11
Thank you for the info

rep+
Silent But Deadly
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 4790K Asus Maximus VII Hero Asus Strix GTX 970 4GB 16 GB G.Skill DDR3 1866 
Hard DriveCoolingOSMonitor
Samsung 840 Evo Noctua NH-D15 Windows 8.1 Enterprise Dell Ultrasharp U2412m x2 
KeyboardPowerCaseMouse
Ducky Shine 2 Corsair HX750i Fractal Design Define R5 Titanium Window Logitech G502 Proteus Core 
Mouse PadAudio
Razer Goliathus Beyerdynamic DT-880 Premium + JDSLabs O2 + ODAC 
  hide details  
Reply
Silent But Deadly
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 4790K Asus Maximus VII Hero Asus Strix GTX 970 4GB 16 GB G.Skill DDR3 1866 
Hard DriveCoolingOSMonitor
Samsung 840 Evo Noctua NH-D15 Windows 8.1 Enterprise Dell Ultrasharp U2412m x2 
KeyboardPowerCaseMouse
Ducky Shine 2 Corsair HX750i Fractal Design Define R5 Titanium Window Logitech G502 Proteus Core 
Mouse PadAudio
Razer Goliathus Beyerdynamic DT-880 Premium + JDSLabs O2 + ODAC 
  hide details  
Reply
post #4 of 11
im glad i use open office in vista
post #5 of 11
I just installed Office 2007 yesterday.. lol >_> Thanks for info, +REP
post #6 of 11
Open Office = FTW?
PURE ACTION!
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II X4 955 GA-990XA-UD3 NVIDIA GeForce GTX 460 Corsair  
RAMHard DriveOptical DriveOS
Corsair  2x500GB 7200.11 RAID 0 + 320GB 7200.11 1x DVD Windows 7 x64 
MonitorKeyboardPowerCase
22" Acer WS Logitech Ergo 700W OCZ GameXstream Antec 300 
Mouse
MX-600 
  hide details  
Reply
PURE ACTION!
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II X4 955 GA-990XA-UD3 NVIDIA GeForce GTX 460 Corsair  
RAMHard DriveOptical DriveOS
Corsair  2x500GB 7200.11 RAID 0 + 320GB 7200.11 1x DVD Windows 7 x64 
MonitorKeyboardPowerCase
22" Acer WS Logitech Ergo 700W OCZ GameXstream Antec 300 
Mouse
MX-600 
  hide details  
Reply
post #7 of 11
Once again though, if your not a total moron, and open things that randomly popped up onto your desktop, or something like that, then I'm sure you won't have to worry about viruses much. (Unless you cruse the pr0n sites 24/7)
'bout time.
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X6 Thuban; 2.8 Asus M4A87TD Evo Radeon HD 6850 1GB G.Skill 4GB (2x2) DDR3 1600 
Hard DriveOptical DriveOSMonitor
WD Caviar Black 1TB Lite-On DVD/CD RW Windows 7 Home 64-bit Acer G235HAbd 23'' WideScreen 
KeyboardPowerCaseMouse
Logitec K120 OCZ ModXStream Pro 600W Cooler Master HAF 932 Gigabyte GM-M6800 
Mouse Pad
XTRAC Ripper Black 
  hide details  
Reply
'bout time.
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X6 Thuban; 2.8 Asus M4A87TD Evo Radeon HD 6850 1GB G.Skill 4GB (2x2) DDR3 1600 
Hard DriveOptical DriveOSMonitor
WD Caviar Black 1TB Lite-On DVD/CD RW Windows 7 Home 64-bit Acer G235HAbd 23'' WideScreen 
KeyboardPowerCaseMouse
Logitec K120 OCZ ModXStream Pro 600W Cooler Master HAF 932 Gigabyte GM-M6800 
Mouse Pad
XTRAC Ripper Black 
  hide details  
Reply
post #8 of 11
Quote:
Originally Posted by TheSubtleKnife View Post
Open Office = FTW?
Yes sir. Free and more secure - although that may be for the sole fact that no one really targets it right now.
Desktop
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core 2 E2140 @2.67GHz Abit IP35 Pro Radeon X1900XT 512MB 2x1GB GSkill HZ 
Hard DriveOptical DriveOSMonitor
2x500GB Samsung HD501LJ + 2x80GB (1.16TB total) 2 X NEC ND-3550A Windows XP Home 24" Acer LCD (AL2324W) 
KeyboardPowerCaseMouse
Saitek Executive PC P&C Silencer 610W AeroCool AeroEngine II w/ 2x140mm intake fans Logitech MX518 
Mouse Pad
Generic foam rubber pad 
  hide details  
Reply
Desktop
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core 2 E2140 @2.67GHz Abit IP35 Pro Radeon X1900XT 512MB 2x1GB GSkill HZ 
Hard DriveOptical DriveOSMonitor
2x500GB Samsung HD501LJ + 2x80GB (1.16TB total) 2 X NEC ND-3550A Windows XP Home 24" Acer LCD (AL2324W) 
KeyboardPowerCaseMouse
Saitek Executive PC P&C Silencer 610W AeroCool AeroEngine II w/ 2x140mm intake fans Logitech MX518 
Mouse Pad
Generic foam rubber pad 
  hide details  
Reply
post #9 of 11
patch nothing... why can't they just force users to install a Msjet40.dll that is higher than 4.0.9505.0?
post #10 of 11
Quote:
Originally Posted by Xerasyte View Post
Once again though, if your not a total moron, and open things that randomly popped up onto your desktop, or something like that, then I'm sure you won't have to worry about viruses much. (Unless you cruse the pr0n sites 24/7)
2/7? what about then?
Immortal
(13 items)
 
  
CPUMotherboardGraphicsRAM
E6600 44G 3.240GHz Asus P5B-deluxe eVGA 8800GT (650/950) 2GB PQIturbomem 667(800mhzballistix soon) 
Hard DriveOptical DriveOSMonitor
1x 400GB Seagate 7200rpm/16mb cache Some super combo drive Windows XP Home/Ubuntu NEC MultiSync LCD1970GX 
KeyboardPowerCaseMouse
Logitech cordless 610w PCP&C silencer TTArmor w/side fan G7 
Mouse Pad
Black IcematII 
  hide details  
Reply
Immortal
(13 items)
 
  
CPUMotherboardGraphicsRAM
E6600 44G 3.240GHz Asus P5B-deluxe eVGA 8800GT (650/950) 2GB PQIturbomem 667(800mhzballistix soon) 
Hard DriveOptical DriveOSMonitor
1x 400GB Seagate 7200rpm/16mb cache Some super combo drive Windows XP Home/Ubuntu NEC MultiSync LCD1970GX 
KeyboardPowerCaseMouse
Logitech cordless 610w PCP&C silencer TTArmor w/side fan G7 
Mouse Pad
Black IcematII 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [PcWorld] MS Word Vulnerability