Microsoft Corp. yesterday warned of a critical vulnerability that affects users of Word running on Windows 2000, XP and Server 2003 SP1 -- several weeks after one security company first reported an exploit and a day after a second vendor confirmed ongoing attacks.
In an advisory posted Friday, Microsoft acknowledged "public reports of very limited, targeted attacks" that exploit a bug in the Microsoft Jet Database Engine, a Windows component that provides data access to applications including Microsoft Access and Visual Basic.
According to Symantec Corp., however, the attacks Microsoft described used malicious Word 2000, 2002, 2003 and 2007 documents, which in turn call up the vulnerable Jet .dll.
"We believe that the issue being described [by Microsoft] is one described on March 20, 2008 by Elia Florio of Symantec Security Response," the security firm told customers of its DeepSight threat analysis network on Saturday. "He notes a recent discovery, by Panda Security, of a possible zero-day exploit observed in the wild."
News Source: ComputerWorld
In an advisory posted Friday, Microsoft acknowledged "public reports of very limited, targeted attacks" that exploit a bug in the Microsoft Jet Database Engine, a Windows component that provides data access to applications including Microsoft Access and Visual Basic.
According to Symantec Corp., however, the attacks Microsoft described used malicious Word 2000, 2002, 2003 and 2007 documents, which in turn call up the vulnerable Jet .dll.
"We believe that the issue being described [by Microsoft] is one described on March 20, 2008 by Elia Florio of Symantec Security Response," the security firm told customers of its DeepSight threat analysis network on Saturday. "He notes a recent discovery, by Panda Security, of a possible zero-day exploit observed in the wild."
News Source: ComputerWorld
Yeah too bad this really is a vulnerability in the database engine that is included with windows, not really word per say... Using open office doesn't fix your Jet Database vulnerability...
At least that's one sure thing MS improved (among many other features), for those who keep on insisting Vista is no better than XP.
Looks like the solution isn't necessarily "Vista", but an updated version of the Microsoft Jet database engine.
If I can predict the future for a second here, let me guess that Microsoft will patch this with a Jet update, since that seems to be the source of the flaw, not the OS.
Not really, just another reason not to use JET databases...
Or you can stop opening hideous files.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.