Microsoft Word Zero Day Flaw Reminds Us Why Upgrading Matters

Microsoft Word Zero Day Flaw Reminds Us Why Upgrading Matters
To sign up for our daily newsletter covering the latest news, hacks and reviews, head HERE. For a running feed of all our stories, follow us on Twitter HERE. Or you can bookmark the Lifehacker Australia homepage to visit whenever you need a fix.

Microsoft has issued a temporary fix for a vulnerability that can be exploited to install malware via infected Word documents. The fix is welcome, but the lesson for everyone is that sticking with older OSes and office suites can render you more vulnerable.

Like most Word vulnerabilities, this one would be most easily exploited by creating a specially-crafted document and sending it attached to a persuasive email designed to induce the recipient to open it. It doesn’t affect Word 2013, and only affects Word 2010 on XP and Windows Server 2003 machines. It’s potentially an issue for Office 2003 and 2007 across all Windows platforms.

The temporary fix created by Microsoft stops the exploit working, and there are also other workarounds available. However, users running a four-versions-old release of Office perhaps shouldn’t be totally surprised that vulnerabilities emerge.

Microsoft Security Research & Defense [via Graham Cluley]

Comments

Show more comments

Comments are closed.

Log in to comment on this story!