Microsoft Working On Word Patch; Don't Panic Say Experts

Original post, 2006-05-24 13:24:00

Microsoft said it's working on a fix for the zero-day vulnerability in Word that spooked security vendors last week, but likely won’t release a patch until June 13, the next regularly-scheduled monthly patch day.

The Microsoft Word bug first surfaced Friday, when numerous security companies, led by Symantec, said that an active exploit was using an unpatched vulnerability in Word 2003 and Word XP to drop a backdoor Trojan onto a limited number of PCs. Once in place, the Trojan -- which uses rootkit techniques to infiltrate code into difficult-to-detect locations on the drive -- provides the attacker with command shell access to the PC, effectively hijacking the machine.

Friday and Saturday, Microsoft acknowledged the Word bug, said it was working on a fix, and downplayed the vulnerability.

"So far, this is a very limited attack, and most of our antivirus partners are rating this as 'low,'" Stephen Toulouse, program manager for the Microsoft Security Response Center (MSRC), wrote on the MSRC blog Saturday.

Friday, Toulouse said that his team was working up a patch, which had already moved into testing, and would release with the June update, "or sooner as warranted."

Microsoft's Windows Live Safety Center has been updated, added Toulouse, to detect and delete the Trojan planted by the exploit. (It does not, however, protect a PC from infection.)

Although virtually every security company and organization put out warnings of the Word flaw, including U.S. CERT, which releases warnings sparingly (only 19 so far in 2006), some seconded the MSRC's stress on the limited nature of the attack.

"The group originating these attacks does so in a very targeted fashion," said the SANS Institute's Internet Storm Center (ISC) in its latest alert. "The document is crafted to target a specific organization, containing specific elements that deal with just that one organization. If you don't work for them, you are very unlikely to ever see this."

But if so few users are at risk, why did the security industry's alarm bells ring so loudly? A pair of analysts offered different opinions.

"Actually, I think it was because it was something different than the usual suspect, Internet Explorer," said Mike Murray, director of research at vulnerability management vendor nCircle. "When a zero-day vulnerability is about something other than IE, it usually gets more attention."

Vincent Weafer, senior director of Symantec's security response group, had a different take. "For large organizations, like enterprises and government, this [kind of attack] is what they worry about. The attack implies knowledge [of the attacked organization] and intent to mine its data."

Unlike run-of-the-mill exploits, most of which get blocked at the corporate perimeter, a targeted attack like this is, even if rare, the kind of risk that makes IT managers lose sleep. "They're really concerned about the possibility of targeted attacks," said Weafer.

Other details of the attack have surfaced since Friday, including the location of the Web site from which the Trojan is downloaded: China. "And the URL has been used for targeted attacks in the past," said Weafer.

By the Internet Storm Center's analysis, the site has been actively changing the URL's IP address to stay up and running. As of mid-day Monday, however, the site was offline or not available to TechWeb.

"If you're not on their target list, chances are you will not see an exploit till Microsoft releases a patch and the knowledge to exploit it can be derived by the hackers," concluded the ISC.

"Panic and blindly taking actions is probably the worst course of action you can take."
