Zero-Day Attack in Microsoft Word 17 years, 4 months ago by Martey Dodoo

Microsoft released a security advisory today for all modern versions of Microsoft Word and Microsoft Works. According to the document, a vulnerability in the popular word processing software programs is being actively exploited, and can be triggered simply by opening a carefully modified Word document.

Both the Slashdot post on the issue and the eWeek article that Slashdot links to claim that Microsoft is suggesting that any Word document could be dangerous to your computer's health.

Microsoft suggests that users "not open or save Word files," even from trusted sources. "As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources," the company said.

This is not exactly true. The security advisory actually says:

Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file. [emphasis mine]

Extreme caution could mean taking any number of actions before deciding to open an attached Word document, from running it through an antivirus program (which would currently be fruitless, as none of them have currently released definitions to detect such dangerous Word documents), to emailing the sender back to ensure that they actually sent the file in question (as opposed to a message sent by malware), to using an alternative program not affected by the vulnerability to open Word documents.