Microsoft issues warning over Word flaw that allows targeted attacks

Microsoft has issued a security advisory about a software flaw that may affect Word users.

Microsoft said it was investigating reports of "very limited, targeted attacks using a vulnerability in the Microsoft Jet Database Engine that can be exploited through Microsoft Word."

The Microsoft Jet Database Engine is a database manager. It extends data access to a variety of Microsoft and third-party applications, including Microsoft Access, Microsoft Visual Basic, and certain Information Services applications, Information Week reported.

"Current attacks require customers to take multiple steps in order to be successful; we believe the risk to be limited," Microsoft said. Targeted attacks affect only a few organizations or individuals. Microsoft has advised users not to open Word documents from untrusted sources or unexpected Word documents from even trusted senders.

For malicious software to be installed on a victim's PC, the user would have to open a Word file, either as an attachment or from a Web site, designed to load a database file that uses msjet40.dll.

The vulnerability affects those using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1. Unaffected are users of Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1.

You can read the Microsoft security advisory.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers," Bill Sisk, security response communications manager for Microsoft, told SCMagazineUS.com. "This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."

People who believe they have been attacked can go to the Microsoft Web site for support.

You may like these other stories...

You probably don't want to think about how many times you access the File menu in Excel 2010 or 2013. Personally I think Excel 2010 has the best possible File menu arrangement, other than having Print Preview grafted...
Following other recent high-profile hacking events, investigators discovered yesterday that hackers broke into the draft work paper files of several famous CPA firms. Revealing images of the scantily clad documents have been...
For bitcoin users, the taxman cometh. And you best know how to calculate taxes owed on what the IRS calls convertible virtual currency.In March 2014, the IRS issued Notice 2014-21, which declares virtual currency will be...

Already a member? log in here.

Upcoming CPE Webinars

Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 21
Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience's communication style.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.