Sunday, May 14, 2006

Zero day attack...

According to eWeek, there is a critical flaw in Microsoft Word that is being leveraged successfully to compromise fully patched Windows systems. The issue is designated as a zero-day attack because individuals responsible for the security incident are taking advantage of a flaw that was previously unknown.

Victims, it is reported, receive an e-mail that appears legitimate with an enclosed Word document. Once opened, the Word document launches a Trojan-like program that opens a back door into the affected system. Also troubling is the fact that neither the corrupt attachment nor the malware that it executes are currently being detected by anti-virus products. For all intents and purposes, attackers can gain full control of a compromised system using the method described in the article.

As there is currently no patch for the vulnerability being exploited, the recommended course of action for both home and corporate users is to be vigilant and reject any unexpected e-mail messages with Word attachment, even if they appear to come from legitimate sources.

It seems Microsoft is working on this and may release a patch on 13 jun 2006.But Antivirus vendors may introduce new updates much sooner.

No comments: