Blogs

A newly discovered vulnerability in Microsoft Word is drawing high levels of attention from security experts. It's deemed a "zero-day" vulnerability, meaning that people are exploiting it on the same day it surfaces publicly, before the company has a chance to issue an update to fix the flaw. It's exploited via a Word file attached to an e-mail. Microsoft says it's working on a patch.

On Microsoft's Security Response Center blog, Stephen Toulouse has details:

Here's what we know: In order for this attack to be carried out, a user must first open a malicious Word document attached to an e-mail or otherwise provided to them by an attacker. (note that opening it out of email will prompt you to be careful about opening the attachment) So remember to be very careful opening unsolicited attachments from both known and unknown sources.

Brian Krebs of the Washington Post, in a post on his Security Fix blog, explains what can happen when the vulnerability is exploited:

According to Symantec, the Mdropper.H Trojan that exploits the new flaw may arrive in a file that looks something like this: NO.060517.doc.doc. Symantec said the Trojan appears to work in Microsoft Word 2003 and crashes Microsoft Word XP. Then the Ginwui backdoor program planted by Mdropper gathers system information and allows the attacker to access a command shell (that usually means game over for the victim PC) and take screen shots of whatever the user sees on his or her computer monitor. Ginwui also appears to connect to a Chinese server, no doubt controlled by whoever sent out the nastygram in the first place.

Also see coverage by CNet News.com, Information Week, and BetaNews.