Tech Tips Home
The Best Tech Tips And Daily Deals
Newsletter On The Internet!

Shop online 24hrs a day or call us Mon-Fri
8:30AM-4:30PM EST - 1-800-915-2088
WorldStart Tech Tip And Store Search
Email: Password: Login Remember Me
looking for freeware

Like what you see here? Subscribe to the Tech Tips newsletter!   Email: Subscribe

Microsoft Word Vulnerability

Friday, June 2nd, 2006 by | Filed Under: Security Help
 
Loading...


Microsoft Word Vulnerability

Back on May 19th, a vulnerability was discovered in Microsoft Word that allowed a specially crafted Word document to arbitrarily install malware. This vulnerability is a Zero-Day Flaw, meaning there are yet to be any patches or fixes to stop it. To make matters worse, this particular vulnerability was released to the public, as well as, Microsoft, so anyone who whishes to exploit the Word vulnerability will surely try.

Thus far, the attacks have used malware to install backdoors that the mothership can use for various reasons. As a matter of fact, once the backdoor is installed on a PC, the PC would then ping the head server to inform it of the successful system breach.

In order for someone to get infected, one would need to open a specially crafted Word document designed to take advantage of the Word vulnerability. These documents can either be downloaded from a Web site or sent to you in an e-mail. Either way, the outcome is the same.

Microsoft has stated that the vulnerability will be patched on June 13, 2006 with the scheduled monthly update, so you may want to mark that down and make sure your PC updates on that day. Also, this vulnerability only applies to the 2002 and 2003 versions of Word. It will crash Word 2000, but otherwise leave it unharmed. Microsoft has come out with some work around and good practices that you may want to consider until the patch is available:

1.Users whose accounts are configured to use restricted rights on the system could be less impacted than users who operate with administrative user rights.
2.When running Office XP or Office 2003, the vulnerability can not be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.
3.In Office XP and Office 2003, this vulnerability can not be exploited automatically through a Web based attack scenario. An attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s site.
4.Use Word Viewer 2003 to open and view files. Word Viewer 2003 does not contain the vulnerable code and is not susceptible to this attack. It can be downloaded for free here.

Users can follow these steps to disable the Outlook feature to use Word as a mail editor:

1.Restart the machine.
2.Open Outlook.
3.Click Tools, click Options and then click the Mail Format tab.
4.Clear the “Use Microsoft Word to edit e-mail messages” check box.
5.Clear the “Use Microsoft Word to read Rich Text e-mail messages” box.
6.Exit Outlook.
7.Restart the machine.
8.For more information on turning Word on or off as your e-mail editor, see the following Web site.

Use Word in Safe Mode for Home Users:

Using Word in Safe Mode helps protect the affected system from attempts to exploit this vulnerability. All versions of Word have an application recovery feature that allows running Word in Safe Mode. Safe Mode disables the functionality and prevents vulnerable code from being exploited.

1.Word will display SAFE MODE in the title if it is operating in Safe Mode.
2.Right click on your Desktop
3.Select New/Shortcut.
4.Select Browse.
5.Locate winword.exe.
6.Append “ /safe” (without quotes) to the end of the file location, after the quotation mark.
7.Click Next. Name your shortcut as “Word Safe Mode.”
8.Click Finish.

To open a Word document, follow the steps listed below:

1.Save your Word document to a disk or onto your desktop.
2.Start Word using your “Word Safe Mode” Shortcut.
3.Click File, click Open, then browse to the document you wish to open.

Keep in mind that there are going to be some changes in the way Word behaves while in Safe Mode, but it’s only for a short while. Until this gets patched, here’s exactly what you can expect in Safe Mode.

Stay safe out there.

~Chad Stelnicki

Leave a Reply


Like these tips? Get them for FREE in your email!

WorldStart's Tech Tips Newsletter

  • Tech Tips Daily - Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

  • Tech Tips Weekly - If you don't want our Tech Tips newsletter every day, then sign up for this weekly newsletter to get the best information of the week. Sent on Fridays.

Other Newsletters

  • WorldStart's Daily Deals - Every week, we send out great deals in our Daily Deals newsletter. Many of these deals are exclusively for our Daily Deals newsletter subscribers and can't be found with our regular specials.

  • Just For Grins - Each issue includes a couple clean jokes, some funny quotes, and a hilarious reader's story. Newsletter is sent five days a week.


Enter Email Address:

Subscribe

Your e-mail address is safe with us!
We only use it to send you the newsletters you request. It is NEVER disclosed to a third party for any reason, ever! Plus, if you decided you don't like our newsletters (don't worry, you'll love them), unsubscribing is fast and easy.

Free Newsletter Signup



Tech Tips Daily

Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

Tech Tips Weekly

The week's best in tech and computer help. Get your issue sent to your email every Friday!

WorldStart's Daily Deals

The very best deals on the Internet! Get a new set of incredible sales every day of the week!

Just For Grins

Clean jokes, funny quotes, and hilarious comics. Sent 5 times a week straight to your email.


Subscribe


Love Worldstart? Refer A Friend!

looking for freeware
WorldStart's Premium Membership

Tip Archive


Categories:
Archives: