Microsoft finds second flaw in Word

Microsoft is reporting that it has found another security flaw in its Office software. If this sentence sounds familiar, it's because a similar bug in Office was reported last week.

The zero day attack loads malicious software on to a targeted machine after the user downloads a rigged Word file.

Once again, Microsoft is recommending not to open Word files from unknown sources, or files unexpectedly received from trusted ones.

On the Microsoft Security Response Center blog, Scott Deacon from the team confirmed that Word 2000, 2002, 2003, and Word Viewer 2003 are affected, but not Word 2007. The Mac versions are safe as well.

Deacon also wrote that the vulnerability is being exploited on a “very, very limited and targeted basis”.

Microsoft will not be releasing a fix for the two latest Office flaws in its routine, monthly patch update that goes out tomorrow. Five security patches for Windows, but none for Office, will be made available.

There's a chance, if the threat from the two unpatched flaws is deemed critical enough, that Microsoft will release patches outside of the normal monthly schedule.


>