News of this vulnerability is available in many places. I’ll point to the Secunia posting about the latest announced security vulnerability in Microsoft Word. Opening Microsoft Word documents with Word can lead to your computer being taken over by hostile programs – almost assuredly without your knowledge. Until a patch is available from Microsoft, do not open documents unless you know and trust the document creator.
A vulnerability has been reported in Microsoft Word, which potentially can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to an unspecified error in the handling of Word documents and can be exploited to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
I’m not even going to do my standard Microsoft rant here. Designing security into a program as complex as Word is hard. Going back and trying to add security to a finished application which wasn’t designed with security tenets in mind is almost impossible. I am almost certain Word was not designed with security as a key component, which means there will probably always be problems like this. And consumers are to blame, as they don’t demand secure applications by withholding money from vendors who don’t design for security. In other words, the buying public is largely to blame for this – Microsoft is just doing what the customers indicate they want with show of dollars.
Microsoft has additional details on MS TechNet and on TechNet blogs.
[tags]Don’t open MS Word documents, Latest big security vulnerability news – MS Word[/tags]