by: Mark Mayo

Microsoft, on December 5, 2006, released Security Advisory (929433) warning of a limited “zero-day” attack using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006. Personally the last M$ explorer (reported by M$ as “limited”) zero day attack made it right on to 2 my of systems that are patrolled by nothing less than an arsenal of hardware and software security. IMO: MS had plenty of time to release their patch and by the time I found out about the flaw it was too late. So, I don’t like the way M$ is handling their flaws. Put your people on the fix NOW before your vulnerable software affects the very people that make your extravagant life possible!

M$’s overview of this new flaw:

Purpose of Advisory: To provide customers with initial notification of the publicly disclosed vulnerability. For more information see the “Workarounds and Mitigations” and “Suggested Actions” section of the security advisory.

Advisory Status: Under Investigation.

Recommendation: Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources. This vulnerability could be exploited when a user opens a file.

I love the recommendation! Deja vu… yah buddy! How many cries and screams of horror will this one produce.

Billy Gates, please put vulnerability patching on your highest order list! You already have our money.

This entry was posted on Thursday, December 7th, 2006 at 11:52 pm and is filed under News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.