Symantec, the antivirus company, warned yesterday that a new and yet-to-be-fixed security hole in Microsoft Word exposed computer users to cyberattacks. Vincent Weafer, the senior director at Symantec security response, said yesterday that would-be intruders had already tried to compromise PC’s at a Japanese government agency by exploiting the flaw. In response, Symantec has raised its ThreatCon to Level 2, which means an outbreak is expected. Microsoft is preparing a security update for Word that repairs the vulnerability, a Microsoft representative said yesterday in an e-mailed statement. The fix is scheduled to be released on June 13 as part of security updates, or sooner, if warranted. The malicious software arrives as a Microsoft Word file attachment to an e-mail message. When the document is opened, the vulnerability is exploited. In the Japanese case, the Word document actually displayed some text related to a treaty with China, but while the text was displayed, a backdoor was installed on the system, Mr. Weafer said. Backdoor software allows intruders to enter computers surreptitiously. The vulnerability was confirmed in Word 2003, Symantec said. The malicious file caused Word 2000 to crash, it added. I really don’t understand the approach of Microsoft - they know about serious security flaw, but instead of immediate patching, they “schedule” the patch to 13th June, which stands for over 2 weeks of possible security attacks everywhere on the world. Yeah, I’m lazy, but these guys at MS are much worse…
No comments:
Post a Comment