Microsoft Word Zero Day Flaw Reminds Us Why Upgrading Matters

Microsoft has issued a temporary fix for a vulnerability that can be exploited to install malware via infected Word documents. The fix is welcome, but the lesson for everyone is that sticking with older OSes and office suites can render you more vulnerable.

Like most Word vulnerabilities, this one would be most easily exploited by creating a specially-crafted document and sending it attached to a persuasive email designed to induce the recipient to open it. It doesn't affect Word 2013, and only affects Word 2010 on XP and Windows Server 2003 machines. It's potentially an issue for Office 2003 and 2007 across all Windows platforms.

The temporary fix created by Microsoft stops the exploit working, and there are also other workarounds available. However, users running a four-versions-old release of Office perhaps shouldn't be totally surprised that vulnerabilities emerge.

Microsoft Security Research & Defense [via Graham Cluley]


Comments

    Use Window 95 and Word and Excel for 95. Who is writing exploits for that!!

      I see your Win95 and raise you my typewriter.

        I see your typewriter, raise you a quill pen.
        Next: stone and chisel, or paint on a cave wall?

          I see your proposal for chisels and cave-paint and raise you pointing, miming and grunting around a fire.

            I'll see your point and miming, and raise you peeing on trees to mark my territory!

Join the discussion!

Trending Stories Right Now