eWeek: Microsoft Confirms New Word Zero-Day Attack
There’s another Microsoft Word zero-day attack under way.
Microsoft on Sept. 5 confirmed that malicious attackers are exploiting a new, undocumented flaw in Word 2000 to load back-door Trojans on Windows machines.
The acknowledgment follows a warning from anti-virus vendor Symantec that the threat was detected in the wild targeting Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP systems.
A spokesman for Microsoft said the Redmond, Wash., vendor’s security response team has investigated the report and concluded that the attack is limited to users of Word 2000. “[We are aware of] an attack scenario that involves malware known as Win32/Wordjmp and Win32/Mofeir,” the spokesman said, adding that definition updates have been rolled out to the company’s free Windows Live OneCare safety scanner for detection and removal. [Read on]