Jump to content
Posted 19 May 2006 - 04:01 PM
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)
A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)
"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)
Posted 19 May 2006 - 07:07 PM
Symantec's DeepSight Threat Analyst Team has escalated its ThreatCon level after confirming the unpatched vulnerability is being used "against select targets."
The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail. However, when the document is launched by the user the vulnerability is triggered to drop a backdoor with rootkit features to mask itself from anti-virus scanners.
Posted 20 May 2006 - 07:17 AM
Posted 20 May 2006 - 09:43 AM
Do not open untrusted Word documents
At the time of writing, an update is not available. Do not open
unfamiliar or unexpected Word or other Office documents,
including those received as email attachments or hosted on a web
Posted 24 May 2006 - 09:36 AM
Microsoft: Use MS Word in Safe Mode
Use Microsoft Word in safe mode to protect against targeted zero-day attacks.
That's the advice from Microsoft's security response team to counter known attacks against a serious code execution vulnerability in the widely used word processing program...
MS Word Attacks Likely to Continue
...To address the threats until Microsoft issues a patch, the SANS Internet Storm Center recommends that organizations use an e-mail system that quarantines attachments for at least six to 12 hours to allow antivirus signatures to catch up. It also suggests setting limits on user administration rights, using proxy servers to control sites accessible to internal users, and employing intrusion-detection systems and firewalls to monitor outbound traffic.
"Note that this is not a temporary situation that will blow over soon. Microsoft will release a patch against this problem in June, but even after that there are likely to be other attacks using other exploits," researchers wrote on the SANS Internet Storm Center Web site...
Edited by quietman7, 24 May 2006 - 09:46 AM.
Posted 31 May 2006 - 09:33 AM
Microsoft Corp....said it will issue a patch as part of its monthly security update on June 13, or earlier if necessary.
Posted 03 June 2006 - 07:29 AM
• V1.1 (June 2, 2006): Advisory revised to update the “Frequently Asked Questions” section and provide additional clarity around “Step 2 Append /safe to the WINWORD.EXE command line” for “Enterprise Customers using group policy” section under “Always use Microsoft Word in Safe Mode”.
0 members, 0 guests, 0 anonymous users