A new, unpatched vulnerability in Microsoft Word 2000 is being actively exploited by attackers, some security organizations announced on Tuesday.
Synmatec researchers say they analyzed an in-the-wild attack pattern and confirmed that it was capable of attacking the full patch of Office 2000. Word 2000 was the packaged application. in Office suite and using a full patch of Windows 2000 operating system.
The Trojan Fire Zero-Day attacks Microsoft Word Picture 1 ' Although in this example we are unable to exploit the vulnerability in other Office versions, these versions may also be affected by the new vulnerability in Word 2000, ' Synmantec said in a client warning. need to be careful with threats from DeepSight. Cupertino, a California-based security firm, has described exploiting the vulnerability as fully authenticated and adding that the exploit is "clearly mostly for end users."
If a Word 2000 user opens a document with a malicious attachment sent by the attacker, another Trojan Horse will spread to a certain file in the computer. But that file (actually a Trojan) has not spread immediately to another file, but a backdoor component (the back door) will leave the machine to open an additional attack or execute the previous abuse program.
The attack method of these Trojans is not a self-replicating type but a multidirectional exploit like some recent worms, taking advantage of any vulnerabilities.
' The exact function of the payload process until now is still unknown. But we want it to include a function to check the operation of the keyboard and mouse as well as some other information gathering techniques. "Symantec said.
A Danish vulnerability detector, Secunia, assessed the recent flaw in Word 2000 with a high level of key. It is the biggest warning and users are advised not to open unexpected or unreliable office documents.
Similar warnings and advice were also issued in May, June and July with several other vulnerabilities in Office applications (Word, Excel, PowerPoint). During these months, the attacker primarily used the attack type. Microsoft has released patches every month, with 'zero-day' vulnerabilities.
' Vulnerabilities in Microsoft Office are great platforms for social-enineering basic attacks (phishing based on user reactions and habits) and e-mail ', Hon Lau, longtime engineer Synmantec said on the company's blog. ' Businesses, small businesses and consumers continue to share and exchange information with Microsoft Office documents.Since most of these types of documents are normally passed through firewalls or security solutions, they are a good means to hide malicious program code . '
Office 2000 and Word 2000 are currently placed by Microsoft in the 'Extensive Help' section. This means that although the free help time has expired, the company still provides security updates for customers using Office 2000. Office 2000 and Word 2000 will be completely out of the help list. in July 2009.
Microsoft will release the next patch on Tuesday, September 12.