Wednesday, September 06, 2006

Microsoft Security Advisory 925059 Released

The following is a Security Advisory from Microsoft regarding a Vulnerability in Microsoft Word.

Please follow the usual warnings. Do not open any email attachments from an unknown source. Also, be wary of unexpected or unusual attachments from someone you know. A telephone call or confirming email may save you from a lot of grief.

Security Advisory (925059) - Vulnerability in Word Could Allow Remote Code Execution - 06 September 2006.
========================================
Summary
========================================
Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.
|
Opening the Word document out of email will prompt the user to be careful about opening the attachment.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

========================================
Recommendations
========================================
Do not open or save Microsoft Word files that you receive from un-trusted or that are received unexpected from trusted sources. This vulnerability could be exploited when a user opens a file.

Review Microsoft Security Advisory 925059 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.

Customers who believe they have been attacked should contact their local FBI office or report their situation to www.ic3.gov. Customers outside the U.S. should contact the national law enforcement agency in their country.
Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.

========================================
Additional Resources:
========================================
• Microsoft Security Advisory (925059) Vulnerability in Word Could Allow Remote Code Execution http://www.microsoft.com/technet/security/advisory/925059.mspx
• Microsoft Knowledge base Article (925059 - http://support.microsoft.com/?kbid=925059) Vulnerability in Word Could Allow Remote Code Execution
• MSRC Blog: http://blogs.technet.com/msrc/
Note: check the MSRC Blog periodically as new information may appear there.


No comments: