Word attack in the wild
Exploit Wednesday for real this time.
By Gregg Keizer, Computerworld | Published: 02:05, 12 October 2007
An attack that exploits a vulnerability in Word has been discovered, just one day after Microsoft pushed out a patch.
Symantec reported it had obtained a suspicious document that crashed every version of Word except the newest, Word 2007. After it examined the document, Symantec found that it included shell code and three pieces of malware.
Among its more surprising findings: Symantec found that the document had been created with the edition of Word included with Office for Mac 2004.
Microsoft patched a critical vulnerability in multiple editions of the word processor on this week's Patch Tuesday. Symantec put the two together. "Taking a closer look at that vulnerability, we confirmed that this document was in fact exploiting the same vulnerability," researcher Orla Cox said on the company's blog.
Even though Microsoft acknowledged on Tuesday that attacks had already been seen in the wild, Symantec remarked on the finding. "In our experience, the exploitation of such vulnerabilities tends to be very targeted in nature," said Cox.
It's not unusual, however, for exploits to appear soon after a vendor posts a patch. The practice, dubbed "Exploit Wednesday" to match "Patch Tuesday", has been debunked by some, however, as part myth.
Updates to the Windows versions of Word can be obtained via Microsoft Update or Office Update, while the patch for the Mac edition is included in the 11.3.8 update to Office 2004 available on the website of Microsoft's Macintosh development team.
