Microsoft confirms yet another Word zero-day flaw

“Microsoft’s security response center has confirmed that a second zero-day vulnerability in its Word software program is being targeted by unknown attackers,” Ryan Naraine reports for eWeek.

“The latest flaw comes just days after the software maker issued a security advisory to warn customers against opening Word documents from untrusted sources. The two vulnerabilities are entirely unrelated,” Naraine reports.

Naraine reports, “The flaws were discovered during actual code execution attacks against select targets and highlight the Redmond, Wash., vendor’s struggle to cope with gaping holes in one of its most widely used products.”

Naraine reports, “According to a US-CERT advisory, the latest bug is a memory corruption issue that occurs when a Word file is rigged with malformed data structures. No other details were made available. Microsoft has not yet issued a formal prepatch advisory but, in a blog entry, Security Program Manager Scott Deacon listed affected software versions as Word 2000, Word 2002, Word 2003 and the Word Viewer 2003.”

“Microsoft plans to issue six security bulletins as part of its December batch of patches, but there are no Office fixes on tap. Unless an out-of-cycle update is shipped, the Word flaws will remain unpatched until at least Jan. 9, 2007,” Naraine reports.

Full article here.

MacDailyNews Take: One can only hope that the poor bastards who are stuck in “Microsoft’s security response center” qualify for overtime. What a job; a more perfect hell has yet to be constructed. We wonder, has a more inept company ever had so much undeserved success as Microsoft?

Related MacDailyNews articles:
Microsoft releases Office 2004 for Mac 11.3.1 Update – December 13, 2006
Unpatched Microsoft Word flaw affects Macs too – December 06, 2006
Microsoft says Office 2007 XML support coming to Macs eventually – December 06, 2006
Microsoft’s Office 2007 for Windows saves documents in Mac-incompatible format – December 05, 2006
CodeWeavers releases CrossOver Mac 6.0 Beta 3 – November 14, 2006
RUMOR: Apple to take on Microsoft Office, add ‘Lasso’ spreadsheet app to iWork ‘07 – October 11, 2006
Free NeoOffice 2.0 Aqua Beta 3 now available – August 28, 2006
CodeWeavers brings low-cost way of running Windows apps on Mac OS X sans Windows – August 14, 2006
Mac users should not buy Microsoft software (or hardware) – May 16, 2003

16 Comments

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.