In the last two months of 2006 alone, at least four major security flaws involving Microsoft Word were revealed. All are "zero-day" flaws, meaning Microsoft and security organizations became aware of them at the same time that malicious hackers became aware of them. In many "zero-day" cases, it's the exploitation of the flaw that brings it to the attention of the software company; in other cases, the software company announces the flaw and hackers immediately take advantage of it before a patch can be released. The unusual thing about these Word problems is that almost eight weeks after the flaws were exploited by attackers, Microsoft still hadn't released a patch to fix them.
The first in this string of security holes popped up in early December 2006. This flaw affects computers running Word 2000, 2002 and 2003; Word 2004 for Mac and Word 2004 version X for Mac; Word Viewer 2003; and Microsoft Works 2004, 2005 and 2006. An attacker hides a piece of code in a Word document and puts it on a Web site for download or sends it out as an e-mail attachment. When a user downloads or opens the document, the attacker can remotely control the user's computer and execute a wide array of code under the user's own login. This flaw came to Microsoft's attention on December 5, 2006, when people started reporting attacks.
A second, previously unknown flaw started to draw attention just a week later, this one also allowing a remote attacker to take control of a user's PC. According to Microsoft, though, this flaw exploits an entirely different security hole – one that opens up when Word undergoes a specific error. Apparently, this attack doesn't require a user to download a malicious file; it only requires the Word program on the person's computer to experience this error, at which point an attacker can enter the system and run malicious code. It affects Word 2000, 2002 and 2003 and Word Viewer 2003.
Security experts have attributed these two security holes to memory-corruption flaws in the Word programs. Days later, a third flaw was revealed. This one also allows for remote access and control of a user's machine and has been linked to a buffer-overflow problem in Word. It came to public attention when a software expert called "Disco Johnny" published proof-of-concept code on the Web that showed how a malicious hacker could exploit it, essentially providing instructions for running an attack in addition to showing Microsoft it has yet another problem.
And about five weeks later, on January 25, a fourth security hole became the subject of a malicious attack that begins when a user opens a rigged Word file sent as an e-mail attachment and has similar results to the previous attacks: remote access and control of an entire system if it's running Word 2000. If the computer is running Word 2003 or Word XP, it only crashes the computer, as opposed to opening it up to remote control.
These four issues were only the latest in a series of attacks exploiting previously undiscovered flaws in a wide array of Microsoft Office applications. In September 2006, hackers started exploiting another zero-day Word flaw, this one only affecting Word 2000. A user had to open an infected Word 2000 document using the Word 2000 program in order for the virus, MDropper.Q, to drop a piece of code in the user's PC. This allowed a remote attacker to take control of the infected PC.
Microsoft recommends installing multiple layers of security software and updating the versions vigilantly. Beyond that, we can only use the caution we've become accustomed to when opening attachments or downloading files, with an extension into a traditionally safer area: Now, if it ends with .doc, don't touch it unless you know and trust the source.