Security experts have discovered more vulnerabilities in Microsoft Word and other software, although hackers do not appear to be exploiting them yet. The flaws have been reported just as Microsoft releases its latest round of security patches.
Three of the vulnerabilities affect Word 2007, according to the Security Vulnerabilities Web site. Details are scant at the moment, but two of them appear to allow an attack that can create conditions similar to those caused by a denial-of-service attack, with CPU usage surging to 100 percent, the posting said.
The third vulnerability could allow remote code execution, and the fourth, which concerns the ".hlp" extension for Windows help files, could lead to a heap overflow condition, the posting said.
Three proof-of-concept Word documents plus a malicious ".hlp" file illustrating the vulnerabilities were available for download from at least one Web site on Wednesday.
Microsoft said it was investigating the reports but was not aware of any attacks as of Wednesday morning.
The discovery of the new vulnerabilities came as Microsoft issued seven fixes for critical flaws on Tuesday. Hackers have often timed the disclosure of new vulnerabilities just after Microsoft's patch day, the second Tuesday of the month, to maximize their time to exploit computers, said Greg Day, a security analyst for McAfee Inc.
"It's becoming a very common trend," he said.
Security researchers have said that as Microsoft fixes problems within its operating systems, hackers are actively hunting for flaws in its Office applications.
When they find one, hackers will send spam with, for example, a malicious Word document attached. Downloading and opening the file could allow a hacker to take control of the machine. Microsoft has warned that people should not open files sent from unknown sources.
April is proving to be a rough month for Microsoft: It issued an emergency patch on April 3 for the animated cursor flaw, which could let a hacker control the machine after a user merely views a malicious Web site.
