Support our Sponsors


Uclip Clipping Path Service

UAE Lists Jobs in Dubai


Main Menu

Home
News
Blog
Links
Search

Resources

Windows Software
Mac Software
Hosted Solutions
Server Software
Mobile Solutions

Related Items

powered_by.png, 1 kB

Popular


Home arrow News arrow Latest arrow Microsoft Issues Alert on New Word Vulnerability
Microsoft Issues Alert on New Word Vulnerability PDF Print E-mail
Written by Spam News Admin   
Sunday, 30 March 2008

Microsoft Corp., on March 21, 2008, warned that a critical bug affects any computer with Word operating on Windows 2000, Server 2003 SP1, and Windows XP. The warning comes after several weeks since PandaLabs, an online security company, first reported an exploit on March 3, 2008 and one day after another vendor confirmed the ongoing attacks.


Microsoft Corp., on March 21, 2008, warned that a critical bug affects any computer with Word operating on Windows 2000, Server 2003 SP1, and Windows XP. The warning comes after several weeks since PandaLabs, an online security company, first reported an exploit on March 3, 2008 and one day after another vendor confirmed the ongoing attacks.

Microsoft has acknowledged the public reports about a small number of targeted attacks found to exploit vulnerability in the Microsoft Jet Database Engine, a part of Windows that provides access to data on applications such as Microsoft Visual Basic and Access. However, Symantec Corp notes that Microsoft described the attacks that used malware-loaded Word 2000, 2002, 2003 and 2007 documents that in turn encourage the vulnerable Jet.dll.

Ismael Briones, a researcher with PandaLabs, had written about the bug in a blog on March 3, 2008, but said that Microsoft rejected it saying that he reported an exploit of in-the-wild type, as reported by ComputerWorld on March 22, 2008.

Briones further said that Microsoft had replied that it would not plug these mdb holes as apparently, the company would not acknowledge flaws from .mdb files. It had said that Briones appeared to report a problem with a kind of file that Microsoft considers as unsafe. Many applications such as Outlook and Internet Explorer automatically filter these files.

Further, researchers at Symantec studied an exploit capable of blocking the .mdb type file in Outlook by simply changing the file's name to an acceptable format for the e-mail system. In fact, msjet40.dll can be directly called from Word without the need to use Access. In this kind of attack, the .doc file relies on mail-merge features to import a data file and thus, effectively compels Jet to install the malware-laced Access sample.

But, Microsoft said that people using Word on computers running Windows Server 2003 SP2 and Vista are not affected because these operating systems have a different edition of Jet.

Albeit Microsoft regarded the severity of the threat as low, Bill Sisk, Spokesman for the company, confirmed that work was on to develop a patch, as reported by ComputerWorld on March 22, 2008.


Posted originally: 03/29/2008

Read Full Article



Reddit!Del.icio.us!Facebook!Slashdot!Netscape!Technorati!StumbleUpon!Newsvine!Furl!Yahoo!Ma.gnolia!Free social bookmarking plugins and extensions for Joomla! websites!
Last Updated ( Wednesday, 21 May 2008 )
 
< Prev   Next >
[ Back ]

Newsflash

Spam is a growing pain. How are you combating spam?

Submit your favorite spam fighting links to us

 

 

 
 
© 2008 spam NEWS - updated Daily
Joomla! is Free Software released under the GNU/GPL License.