Rebounding from recent reports that China hackers
are exploiting a zero-day vulnerability in Word to launch a Trojan
horse, Microsoft is advising users to run the application
in “safe mode.”
Security experts last week reported a spate of incidents involving
Asian and U.S. government agencies that received official-looking e-
mail with attached Word files.
Selecting those documents triggered a
download of software that gave hackers control of systems, including
altering or destroying information.
While Microsoft announced a fix to the vulnerability will be part
of its June 13 security updates, the software giant
advised users to launch Word only in “safe mode,” in the interim. This way,
toolbars, preferences and other options cannot be changed.
“Do not attempt to open any Word files as you may be vulnerable,”
according to Microsoft.
Additionally, the security advisory instructs users “do not open
Word files directly from any mail clients, for example Outlook or
Hotmail.” Instead, such files should be saved and then viewed from
Word opened in safe mode.
Microsoft condemned how the hole was initially reported by
security researchers.
“This new vulnerability in Word was not
disclosed responsibly, potentially putting computer users at risk,”
according to the updated advisory.