Word Bug Can Permit Malicious Macros
Downloadable fix can swat bug that allows planting of potentially dangerous macros.
Sam Costello, IDG News Service
A flaw in several versions of Microsoft Word allows malicious macros to duck Word's security features and make possibly devastating changes to a PC.
The vulnerability affects Word 97, 2000, 2002, the Japanese version of Word 98, and Word for Macintosh 98 and 2001. Someone could exploit the vulnerability by performing what Microsoft calls "low-level editing" on a Word document to disguise the malicious macros and prevent Word's macro checker from detecting them, Microsoft officials acknowledge. A macro is a small script used to automate tasks, such as formatting.
Microsoft has posted a patch, along with a security bulletin, for this vulnerability. The flaw was discovered by Steven McLeod.
It is similar to another Word macro vulnerability discovered in May. Microsoft characterized that bug as "mild."
The earlier vulnerability occurred when a user opened an RTF file that referenced a template containing an embedded macro. The bug permitted the macro to run without warning the user, possibly making some changes to Word. It affected only Word 97 and later versions, and only certain RTF documents. Microsoft issued a patch for that bug as well.
Word Usually Watches Macros
Typically, Word alerts a user upon opening a document containing macros, and offers the option to run or disable them. Word also automatically checks for macros in any linked documents, including templates, within a document. But this bug disables that function, so a user wouldn't know that a malicious macro was present or had run. Such a macro could take any action that a user could, including changing or deleting files, contacting a Web site, disabling security settings, or even reformatting a hard drive, Microsoft says.
Users could access an affected Word document from a floppy disk, a Web page, or an attachment via e-mail.
Microsoft says this bug affects only Word, not other Office components. The Outlook Express security update, which is included with Word 2002, protects against e-mail worms and would also protect users from a Word document with a malicious macro.
Macros have long been the province of annoying, but usually not terribly destructive, viruses.