Tech Tips Home
The Best Tech Tips And Daily Deals
Newsletter On The Internet!

Shop online 24hrs a day or call us Mon-Fri
8:30AM-4:30PM EST - 1-800-915-2088
WorldStart Tech Tip And Store Search
Email: Password: Login Remember Me
looking for freeware

Like what you see here? Subscribe to the Tech Tips newsletter!   Email: Subscribe

The Zero-Days of December

Friday, December 15th, 2006 by | Filed Under: Security Help
 
Loading...


The Zero-Days of December

In the past 10 days, there have been two different vulnerabilities in the Microsoft Word program that basically allow potential control of your system through a remote entity. The two Zero-Day (read above in today’s Quick Tip for a definition of this) exploits are only being seen in limited numbers so far, but they still have the severity rating of “critical,” which is the highest rating an exploit can have.

The two vulnerabilities are very similar, but still not the same. The first appeared on December 6, 2006 and the second four days later on the 10th. Since the dates are so close to the release of Microsoft’s monthly scheduled update, neither of these exploits will be patched, which will leave systems open to potential attacks. Since Microsoft does not post updates out of schedule too often, (two in the whole year of 2006), the vulnerabilities are more than likely to stay a threat until the next scheduled update in January. This potential length of time, coupled with the fact that this exploit is actively being taken advantage of, is the major reason for the vulnerability’s critical severity rating.

The Zero-Day vulnerability is a situation where Microsoft Word will error out when trying to open, especially in crafted Word documents. This error allows the attacker to install applications that take advantage of your system. The Word exploits affect the following versions of Microsoft Word: 2000, 2002, 2003 and Word Viewer 2003. With both the vulnerabilities, an attacker can gain control of a user’s system with the current user’s rights, allowing the attackers to gain personal information or create a bot system. The security company McAfee has also spotted a Trojan included with the newest Zero-Day flaw that can steal passwords from Internet Explorer, Firefox, and POP3 e-mail clients, such as Outlook Express and Thunderbird. All of this just adds to the threat.

Until I catch wind of any updates that will patch the vulnerabilities with the versions of Microsoft Word, I can only suggest some work arounds to keep you safe. Word documents have to be manually opened. Therefore don’t open any Word documents from unusual sources. E-mails and Web sites can only present you with the infected documents. They can’t make you open them. So, the best way to protect yourself is to simply not open any Word documents from the Web or from your e-mail.

Secondly, since the vulnerabilities take the rights of the current logged on user, you may want to change the status of your account to a Limited User format or create a new account to use. This way, if your system is infiltrated, the attackers have limited rights, which can contain the damage done.

Until next week, stay safe out there.

~ Chad Stelnicki

Comments are closed.

Like these tips? Get them for FREE in your email!

WorldStart's Tech Tips Newsletter

  • Tech Tips Daily - Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

  • Tech Tips Weekly - If you don't want our Tech Tips newsletter every day, then sign up for this weekly newsletter to get the best information of the week. Sent on Fridays.

Other Newsletters

  • WorldStart's Daily Deals - Every week, we send out great deals in our Daily Deals newsletter. Many of these deals are exclusively for our Daily Deals newsletter subscribers and can't be found with our regular specials.

  • Just For Grins - Each issue includes a couple clean jokes, some funny quotes, and a hilarious reader's story. Newsletter is sent five days a week.


Enter Email Address:

Subscribe

Your e-mail address is safe with us!
We only use it to send you the newsletters you request. It is NEVER disclosed to a third party for any reason, ever! Plus, if you decided you don't like our newsletters (don't worry, you'll love them), unsubscribing is fast and easy.

Free Newsletter Signup



Tech Tips Daily

Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

Tech Tips Weekly

The week's best in tech and computer help. Get your issue sent to your email every Friday!

WorldStart's Daily Deals

The very best deals on the Internet! Get a new set of incredible sales every day of the week!

Just For Grins

Clean jokes, funny quotes, and hilarious comics. Sent 5 times a week straight to your email.


Subscribe


Love Worldstart? Refer A Friend!

looking for freeware
WorldStart's Premium Membership

Tip Archive


Categories:
Archives: