Information Security Professionals Alert Users Against New Vulnerability In Microsoft Word

Recently, Microsoft has warned computer users on a new vulnerability in Microsoft Word

. The vulnerability is misused by hackers to install new malware on the computer systems. Microsoft had already issued patch for the vulnerability rated one expressing possibility of an attack. Information security professionals at Microsoft found a new sample that exploits this vulnerability. Hackers are able to insert malicious code, which can download other malware. In case of this attack, hackers use a malicious or specially-crafted rich text format (RTF) file to create a stack overflow in Word for Windows. The stack overflow allows the malicious file to download and run a Trojan horse on the affected computer. Offenders send a well-crafted e-mail to the users. When an unwary user opens and previews the malicious RTF file in an e-mail client such as Outlook, remote code gets executed.

The patch issued by Microsoft addresses the vulnerabilities in Microsoft Word 2002, 2003, 2007 and 2010. Vulnerabilities in Microsoft Word 2004 remain unpatched. Users must install the issued patch to safeguard their computers and to ensure information security. Usually, Microsoft releases patch on the second Tuesday of every month. However, there is always a time lag between the issue of a patch and its installation by the users. Hackers misuse the opportunity to identify and exploit the vulnerabilities.

Microsoft Word is commonly used program by individuals on their personal computers as well as by business organizations. As such, exploitation of vulnerability by hacker may affect large number of users. Microsoft has assigned critical rating for vulnerabilities in Microsoft Office 2007 Service Pack 2 and Microsoft Office 2010 (both 32-bit and 64-bit editions) for Windows. Users must adhere to the security advisories, patch release and alerts from software developers and security solution providers to safeguard the systems from unauthorized access, remote code execution and malware.

IT security professionals may use ethical hacking to conduct security evaluation, identify weaknesses, potential vectors and initiate remedial action. They must also keep track of the patch releases and security updates. Identification and timely installation of appropriate patches may help organizations in reducing vulnerability exploitations and security breaches.

by: Peter M

POST COMMENT

Solar Energy Advantages - 6 Facts You Should Know About Solar Energy Solar Lighting Applications For Everyone How To Build A Outdoor Shed - Great New ! Mohammed Zazi And Afzali Are Accused Of Lying To Fbi Agents About Calls Between Denver And New York. Swimming Pool Solar Covers Application Development – Technologies for the New World Plumbing Contractors Can Completely Handle Your New Bathroom Grid-tied Solar Panels Systems For Your Home Lower Operating Costs for your New Biofirm by Hiring Chemical Toll Manufacturers There Is More To Outdoor Lighting Than Boring Old Globes Ways We Can Lower Our Energy Usage When Choosing New Appliances Energy Efficient Refrigerators Keep Your Food Cool and Your Bills Low The Very Best Lighting When Dinning Outdoors With Bigfoot