Microsoft Warns of New Zero-Day Flaw

by admin January 29, 2007 at 2:21 pm

Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000.

Alexandra Huft, a member of Microsoft’s security team, said the Redmond, Wash.-based vendor posted Microsoft Security Advisory (932114) for an issue “that only affects Microsoft Word 2000.”

“We are currently investigating a report of a posting of proof of concept code which could allow an attacker to execute code on a user’s machine in their security context by convincing them to open a specially-crafted Word document,” Huft wrote in a posting to the company’s Web site on Friday.

Internet security firm Secunia reported the exploit on Friday and deemed it “extremely critical.”

Microsoft, however, minimized the potential impact of the exploit.

Full article: