Skip to Navigation | Skip to Content

New MS Word Attack Circulating

« ITS Scheduled Maintenance | Main | New ITS Website »

There is a critical MS Word vulnerability circulating the Internet and it is appearing as a simple Word document file. This specially crafted Word document contains an embedded trojan file that can put a computer at risk to a malicious attack.

Once the infected Word file is opened, it loads a trojan file onto the computer. Following the trojan's installation, it then initiates a backdoor command that allows more malicious files to be downloaded onto the infected computer. Those malicious files can include keylogging tools, which can be used to record what you type on your computer.

For the moment, Microsoft does not have an update available. Users are being told to not open untrusted Word document files. Once an update is available, a link will be posted in the alerts page.

Confirmed affected systems for this paritcular attack are computers running both Windows 2000 & Microsoft Word 2000. Although not yet confirmed, it is cautioned that this vulnerability may affect other versions of Microsoft Windows and/or Word.

More information regarding this attack can be found here :

MS Word 0-day attack flaw

Update available 09/12/06

Microsoft has stated that there will be one Office and two Windows updates available on 09/12/06 that will address multiple critical vulnerabilities. It is believed that these updates will fix the current Word vulnerability, amongst other exploits. We will issue an alert when this becomes available.