Microsoft Working On Word Patch; Don't Panic Say Experts

Original post, 2006-05-24 13:24:00
Microsoft said it's working on a fix for the zero-day vulnerability in Word that spooked security vendors last week, but likely won’t release a patch until June 13, the next regularly-scheduled monthly patch day.

The Microsoft Word bug first surfaced Friday, when numerous security companies, led by Symantec, said that an active exploit was using an unpatched vulnerability in Word 2003 and Word XP to drop a backdoor Trojan onto a limited number of PCs. Once in place, the Trojan -- which uses rootkit techniques to infiltrate code into difficult-to-detect locations on the drive -- provides the attacker with command shell access to the PC, effectively hijacking the machine.

Friday and Saturday, Microsoft acknowledged the Word bug, said it was working on a fix, and downplayed the vulnerability.

"So far, this is a very limited attack, and most of our antivirus partners are rating this as 'low,'" Stephen Toulouse, program manager for Microsoft Security Response Center (MSRC), wrote on the MSRC blog Saturday.

Friday, Toulouse said that his team was working up a patch, which had already moved into testing, and would release with the June update, "or sooner as warranted."

Microsoft's Windows Live Safety Center has been updated, added Toulouse, to detect and delete the Trojan planted by the exploit. (It does not, however, protect a PC from infection.)

Although virtually every security company and organization put out warnings of the Word flaw, including U.S. CERT, which releases warnings sparingly (only 19 so far in 2006), some seconded the MSRC's stress on the limited nature of the attack.

"The group originating these attacks does so in a very targeted fashion," said the SANS Institute's Internet Storm Center (ISC) in its latest alert. "The document is crafted to target a specific organization, containing specific elements that deal with just that one organization. If you don't work for them, you are very unlikely to ever see this."

But if so few users are at risk, why did the security industry's alarm bells ring so loudly? A pair of analysts offered different opinions.

"Actually, I think it was because it was something different than the usual suspect, Internet Explorer," said Mike Murray, director of research at vulnerability management vendor nCircle. "When a zero-day vulnerability is about something other than IE, it usually gets more attention."

Vincent Weafer, senior director of Symantec's security response group, had a different take. "For large organizations, like enterprises and government, this [kind of attack] is what they worry about. The attack implies knowledge [of the attacked organization] and intent to mine its data."

Unlike run-of-the-mill exploits, most of which get blocked at the corporate perimeter, a targeted attack like this is, even if rare, the kind of risk that makes IT managers lose sleep. "They're really concerned about the possibility of targeted attacks," said Weafer.

Other details of the attack have surfaced since Friday, including the location of the Web site from which the Trojan is downloaded: China. "And the URL has been used for targeted attacks in the past," said Weafer.

By the Internet Storm Center's analysis, the site has been actively changing the URL's IP address to stay up and running. As of mid-day Monday, however, the site was offline or not available to TechWeb.

"If you're not on their target list, chances are you will not see an exploit till Microsoft releases a patch and the knowledge to exploit it can be derived by the hackers," concluded the ISC.

"Panic and blindly taking actions is probably the worst course of action you can take."
