Another Word Flaw discovered!!!

In addition to the MS-Word flaw discovered last week and the release of updates as a part of the monthly patch cycle (known as Patch Tuesday), IT administrators will now have to contend with another flaw in MS Word software with possibility of remote code execution on the victim's computer if infected.

A limited number of attacks have already taken place and the flaw is acknowledged by Microsoft though no security advisory has been released yet. This flaw was discovered over the weekend and it affects Word 2000, 2002, 2003 in addition to Word Viewer 2003. This bug does NOT affect Word 2007 which released very recently to business users.

Again to exploit this flaw malicious users are circulating a specially crafted word attachment which when opened allows the attacker to take control of the victim's computer and run unauthorised software. As always, you should take extreme precautions when you receive any email with word attachments from untrusted / unknown sources and if possible always delete the email without opening it.

Given the timing of the discovery it is not possible for Microsoft to include this bug fix in this month's patch update cycle and will probably be patched in the next month's release. However, if there is enough attack attempts and customer demand, I am sure Microsoft will issue an out of cycle patch for these flaws. I think we as customers should demand that Microsoft release an out of cycle patch for this flaw.