New zero-day Word attack strikes
Hackers are exploiting a new, unpatched vulnerability in Microsoft Word that could allow them to take control of a victim’s computer, Symantec has warned. The zero-day vulnerability is the fourth in Microsoft’s widely used Word 2000 software that has not yet been patched, the security company said in its Security Response Weblog. A zero-day vulnerability refers to a security hole for which exploits are already available when it was discovered.
The attack comes via an infected Word document, a method increasingly used by hackers for targeted attacks. If the document is opened, it installs a Trojan horse program, called Trojan.Mdropper.W, onto the computer, Lau wrote. The Trojan also puts other files on a computer that enable a hacker to control it. Microsoft could not be immediately reached for comment. The company released three sets of critical patches on Jan. 9, including ones for Outlook, PowerPoint, and Windows, but not for Word.
Comments are closed.