Once again, a zero-day exploit has surfaced in a Microsoft product just days after Patch Tuesday. And, as has been the growing trend, the exploit is in Microsoft Office, not the operating system.
The company is investigating new public reports of “very limited, targeted attacks” against Microsoft Word. This vulnerability exists only in Office 2000 and Office XP. Office 2007 and 2003 are not affected.
Microsoft has posted an alert on the issue. As is so often the case, the exploit requires the user to open a malicious Word file that is sent in an email or some other means. If a person is foolish enough to open an attachment or file from an unknown source, the code in the Word file could take over their computer.
This would give the program the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
For now, standard security measures apply. Don’t open a file from an unknown source and keep your antivirus software up to date. Microsoft has added detection of this new virus to Windows Live OneCare. A fix to stop the exploit in Word is planned, but Microsoft hasn’t issued a release date as of yet.