Security Market Segment LS
Sunday, 21 May 2006 15:52

Symantec raises alarm on Microsoft Word hack attack

flu_figWorries about Microsoft Word attachments in emails have surfaced with the news that hackers have begun to exploit a zero-day vulnerability in Word 2003 using a new Trojan horse virus. The seriousness is compounded by the fact that a fix from Microsoft could be more than three weeks away.

Anti-virus vendor Symantec raised an alert on Friday about the Word 2003 vulnerability and the fact that hackers were on the march trying to get control of PCs running the current version of the Microsoft word processor. According to Symantec, opening email attachment that looks like a word document actually opens an executable Trojan horse program, called Trojan.Mdropper.H, which in turn gives a hacker access to the user's system.

According to Microsoft, a fix for the vulnerability is on its way. However, the earliest date that Microsoft has committed to so far is June 13, leaving hackers a significant Window of opportunity to try and hit their vulnerable targets.

Symantec, which has broadcasted an alert about the vulnerability on its home page, has warned users to be extra careful when opening any Microsoft Word documents, whether they receive them as an email attachment or through another means such as a website or instant message. According to Symantec, attacks so far appear to be targeting enterprise users, although that could change.

The latest Microsoft vulnerability alert has been raised by the same anti-virus vendor that recently launched one of the most far reaching lawsuits against Microsoft in its history. Symantec, the leading desktop security vendor, last week filed a suit, seeking to prevent the release of Microsoft's new desktop operating system, Windows Vista. In its lawsuit, Symantec alleges that Microsoft has built Vista and other products on misappropriated intellectual property invented by Symantec's recently acquired storage management company Veritas.

Symantec, like other security vendors, continually issues alerts about Microsoft vulnerabilities such as the current one. Microsoft has touted its upcoming Windows Vista operating system as fixing the security issues of previous releases, thus making it less vulnerable to attacks. {moscomments}

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Stan Beer


Stan Beer co-founded iTWire in 2005. With 30 plus years of experience working in IT and Australian technology media, Beer has published articles in most of the IT publications that have mattered, including the AFR, The Australian, SMH, The Age, as well as a multitude of trade publications.



Recent Comments