New Word Flaw Being Used in Attacks

Hackers continue to poke holes in Microsoft's Office software.

Symantec warns that an unpatched flaw in the Windows 2000 version of Microsoft Office 2000 is being used by attackers to run unauthorized software on a victim's computer.

Microsoft yesterday confirmed that the bug exists, but it would not say when it plans to fix the problem.

The critical vulnerability was first reported by Symantec to users of its DeepSight threat notification service. Attackers are exploiting the flaw by sending malicious Word documents to victims, Symantec said. When these documents are opened, Word is tricked into installing malicious software on the PC.

Symantec is calling this malware Trojan.MDropper.

How It Works

Trojan.MDropper installs malicious software on the computer, which in turn installs another Trojan horse program "which turns out to be new variant of Backdoor.Femo," Symantec said in an Web posting. That Symantec alert can be found online.

Symantec testers had not been able to exploit the problem on more up-to-date versions of Office or Windows. Microsoft said that the bug was confined to Microsoft Word 2000.

Microsoft is investigating the issue and may issue a patch once that investigation is completed, according to the company's public relations agency.

Microsoft has spent a lot of time investigating and patching Office applications this year. Over the past few months there have been several reports concerning very targeted attacks, similar to this latest Office issue. Microsoft's last few security updates have been filled with patches for Office flaws, many of which had already been used in attacks.