Microsoft warns of critical Word bug

Posted by Mark Raby

Redmond (WA) - Microsoft has issued an advisory for a critical vulnerability in Microsoft Word that, while "very limited" in scope, could lead to damaging attacks without an official fix yet.

The software giant confirmed the vulnerability that was reported earlier this month from Ismael Briones, a researcher at antivirus company Panda.  According to the reports, the vulnerability lies mainly within Microsoft's Jet Database Engine, which is used in the company's professional software applications like Access and Visual Basic.

By sending out a malicious Word document, an attacker could compromise the engine and overtake someone else's computer remotely.  The victim would need to own the appropriate software and physically open the Word file for the vulnerability to have any effect.  As such, Microsoft says the threat is "very limited."

Additionally, users running Windows Vista or Vista Service Pack 1, or Windows 2003 Service Pack 2 are immune from any attacks this threat could pose.

"Microsoft is investigating the public reports and customer impact. We are also investigating whether the vulnerability can be exploited through additional applications. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers," said Microsoft in its advisory.

The company added that if necessary, it will release a special security update, however the problem will more likely be patched during Microsoft's regularly scheduled monthly update.