Microsoft issues warning over Word flaw that allows targeted attacks

Microsoft has issued a security advisory about a software flaw that may affect Word users.

Microsoft said it was investigating reports of "very limited, targeted attacks using a vulnerability in the Microsoft Jet Database Engine that can be exploited through Microsoft Word."

The Microsoft Jet Database Engine is a database manager. It extends data access to a variety of Microsoft and third-party applications, including Microsoft Access, Microsoft Visual Basic, and certain Information Services applications, Information Week reported.

"Current attacks require customers to take multiple steps in order to be successful; we believe the risk to be limited," Microsoft said. Targeted attacks affect only a few organizations or individuals. Microsoft has advised users not to open Word documents from untrusted sources or unexpected Word documents from even trusted senders.

For malicious software to be installed on a victim's PC, the user would have to open a Word file, either as an attachment or from a Web site, designed to load a database file that uses msjet40.dll.

The vulnerability affects those using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1. Unaffected are users of Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1.

You can read the Microsoft security advisory.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers," Bill Sisk, security response communications manager for Microsoft, told SCMagazineUS.com. "This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."

People who believe they have been attacked can go to the Microsoft Web site for support.

You may like these other stories...

The following list highlights 10 apps that that may be of interest to you, your clients, or your clients' clients. They were featured during a session of AWEBLive!, the 12-hour CPE marathon, and presented by Gregory L....
I am a recent MS Accounting degree graduate and I am looking into a programming/IT related career. Anyone here have experience or know any accountants that diverted their careers into IT/Programming/System design, etc?...
Event Date: May 29, 2014, 2 pm ET In this presentation Excel expert David Ringstrom, CPA brings you up to speed on the Excel feature you should be using, but probably aren't. The Table feature offers the ability to...

Upcoming CPE Webinars

Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.
Apr 30
During the second session of a four-part series on Individual Leadership, the focus will be on time management- a critical success factor for effective leadership. Each person has 24 hours of time to spend each day; the key is making wise investments and knowing what investments yield the greatest return.
May 1
This material focuses on the principles of accounting for non-profit organizations’ expenses. It will include discussions of functional expense categories, accounting for functional expenses and allocations of joint costs.