Only hours after it fixed nine vulnerabilities in several of its programs, Microsoft Corp. late Tuesday confirmed that attackers are exploiting an unpatched bug in Word.
In a security advisory it issued shortly before 10 p.m. EST, the Microsoft Security Response Center (MSRC) said attackers were exploiting a flaw in Word 2002. However, MSRC spokesman Bill Sisk downplayed the threat. “At this time, Microsoft is aware only of limited, targeted attacks that attempt to use this vulnerability,” Sisk said in an e-mail.
As is its practice, Microsoft provided few details of the vulnerability other than to say that it could be triggered by rigged Word documents if the user opened them. The company did not say how the in-the-wild attacks were delivering the malicious .doc files, but if the past is any indicator, criminals are sending malformed files as e-mail attachments…
