Monday, 24 Mar, 2008 Technology

Microsoft Cautions of New Hacker Attack on Word Files


Microsoft believes that hackers may use an unpatched hole in order to install malicious code in Word documents as well as in any system that opens these documents.

It is important that users are very cautious in opening documents in Windows Operating System, and namely Word files.

On March 22, the software giant warned that hackers may use an unpatched flaw in Microsoft's Windows in order to plant malware on users' PCs.

The possible attack reported by Microsoft's representatives is currently under the company's investigation. It is believed that the malware involves a Word file; however, Microsoft does not exclude other ways of using the flaw.

"Do not open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources," announced Microsoft's representatives in a security advisory, which was posted to its website.

There is flaw in the Jet Database Engine, which is used by several products and one of them is Microsoft Access. The software giant is currently searching for other programs that might also be at risk, being exploited in this type of attack.

Despite the fact that this kind of unpatched attack is a permanent cause of worry, the company's representatives understated the risk.

"At this time, we are aware only of targeted attacks that attempt to use this vulnerability. Current attacks require customers to take multiple steps in order to be successful; we believe the risk to be limited," Microsoft said.

The company did not announce when or if it is going to patch the bug. However, a statement offered to the press said that Microsoft did not exclude the possibility of an emergency patch, launched before its follow-up set of security updates that are due on April 8.

The risk category includes users of Word 2007, 2003, 2002 and 2000. Those who will not be affected are users of Windows Vista or Windows Server 2003, Service Pack 2. This is because these operating systems feature an improved version of Jet Database Engine, which, according to Microsoft, does not include the bug.

Technically speaking, PCs that feature a type of the Msjet40.dll lower than 4.0.9505.0 are at risk.

In addition there were some other reports regarding the attacks on the database software. A report was brought by the US-CERT (United States Computer Emergency Readiness Team) stating that in the same way hackers were sending out infected Microsoft Access Database (.mdb) files.

Powered by


43 votes

//6 Aug 19, 2008 02:15 PM | posted by: Vyas Sneh
It is Not possible to code in word file and retrive on perticular software and haker's are not dum so they do this and if they want to do this they encode the word file and than use so every body can not understand.
46 votes

//5 Apr 25, 2008 06:40 PM | posted by: umerjs [InfoKID]
45 votes

//4 Apr 25, 2008 06:40 PM | posted by: umerjs [InfoKID]
i think that microsoft is the type of virus first u have to stop the microsoft then other
32 votes

//3 Apr 15, 2008 05:05 PM | posted by: snsuresh [InfoMANIAC]
why don't microsoft launch a free anti virus software free edition to stop this?
37 votes

//2 Apr 14, 2008 11:38 PM | posted by: JPM
honestly this garbage that happens within the windows operating system is not new in fact it has been around 95 and of course there is some flaw within anything that they make this isnt even worth reading because from what I've seen microsoft cant even bring out a solid product without it being hacked or being built wrong they are nothing but lazy crooks who will do anything for a quick buck
34 votes

//1 Mar 30, 2008 11:09 AM | posted by: soundararajan [InfoKID]
please give a proper antiviral solution for pc problems

Add your comment:

antispam code





Discover, share, comment and discuss with us on a variety of interesting stories. A lot of fascinating things are taking place every day around the globe and we welcome you to this world.