Monday, 24 Mar, 2008 Technology
61
votes

Microsoft Cautions of New Hacker Attack on Word Files

Share

Microsoft believes that hackers may use an unpatched hole in order to install malicious code in Word documents as well as in any system that opens these documents.

It is important that users are very cautious in opening documents in Windows Operating System, and namely Word files.

On March 22, the software giant warned that hackers may use an unpatched flaw in Microsoft's Windows in order to plant malware on users' PCs.

The possible attack reported by Microsoft's representatives is currently under the company's investigation. It is believed that the malware involves a Word file; however, Microsoft does not exclude other ways of using the flaw.

"Do not open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources," announced Microsoft's representatives in a security advisory, which was posted to its website.

There is flaw in the Jet Database Engine, which is used by several products and one of them is Microsoft Access. The software giant is currently searching for other programs that might also be at risk, being exploited in this type of attack.

Despite the fact that this kind of unpatched attack is a permanent cause of worry, the company's representatives understated the risk.

"At this time, we are aware only of targeted attacks that attempt to use this vulnerability. Current attacks require customers to take multiple steps in order to be successful; we believe the risk to be limited," Microsoft said.

The company did not announce when or if it is going to patch the bug. However, a statement offered to the press said that Microsoft did not exclude the possibility of an emergency patch, launched before its follow-up set of security updates that are due on April 8.

The risk category includes users of Word 2007, 2003, 2002 and 2000. Those who will not be affected are users of Windows Vista or Windows Server 2003, Service Pack 2. This is because these operating systems feature an improved version of Jet Database Engine, which, according to Microsoft, does not include the bug.

Technically speaking, PCs that feature a type of the Msjet40.dll lower than 4.0.9505.0 are at risk.

In addition there were some other reports regarding the attacks on the database software. A report was brought by the US-CERT (United States Computer Emergency Readiness Team) stating that in the same way hackers were sending out infected Microsoft Access Database (.mdb) files.

Powered by www.infoniac.com

Comments:

2 votes

//1 Aug 26, 2020 08:15 PM | posted by: Dennis Walter
Jerrylinkgroup at gmail dot com or +1 916 888 4118 is the best . I read lots of reviews here and testimonies of good deals although skepitical about them but I decided to try Jerry Link Credit Group so I can confirm if Is legit or not. I contacted them and was told the processes involved in fixing my credit score which I accepted and gave them the needed support from my end to get the job done that last week friday and was told to wait for 72 hours. Today, they helped me delete all the negative items on my credit report and increase my credit score to 782. They’re secured, fast and customer oriented. Am here to boldly recommend them as promised if my job is done without any excuse from their end and tell them I referred you to them.

Add your comment:



antispam code