Detecting a serious vulnerability in MS Word

Picture 1 of Detecting a serious vulnerability in MS Word Security researchers have just discovered a serious 'zero-day' security hole in Microsoft Word that has been exploited by Chinese and Taiwan hackers.

Microsoft Security Response Center said the center has worked hard with security vendors to prevent attacks through the use of security vulnerabilities mentioned above. Expected patches will be released on 13/6 here.

This security error is exploited via a special 'Word' file attached to the email. If users open this file in Word XP or Word 2003, a trojan will break into their system. This trojan is equipped with the features of rootkits to hide itself from antivirus security applications.

This trojan is responsible for communicating with a remote server. However, until now, experts still do not know what kind of data they transfer.

SANS Internet Storm Center researcher Chris Carboni in confirmed that when an attack with this vulnerability was launched, the trojan would drop another bot or malware onto the system.

There is no security firm that has detected any kind of malicious code to exploit this security bug. And Microsoft is trying to find solutions to overcome this problem. Microsoft plans to update the Windows Live Safety Center service, adding features to detect attacks exploiting the security flaw.

Security firm F-Secure said the Trojan horse Ginwui.A broke through a special Word 'file, allowing hackers to create, read, edit and search for files, folders, access to Registry edits, initialization. service poisoning, start up or cancel processes .

In the meantime, Symantec raised the security level to level 2 after the security flaw was released.

Users are warned to be careful when opening an email attachment.

Hoang Dung