Microsoft Promises To Patch Word 2000 Bug
The confirmation came just a day after several security companies warned users that an in-the-wild exploit was using an unpatched Word 2000 vulnerability to plant a backdoor Trojan which harvested information for criminals.
In a security advisory posted to its Web site Wednesday, Microsoft acknowledged the vulnerability and said it was developing a security update for Word.
As it has before in similar situations, Microsoft downplayed the threat, saying "in order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker."
Until a patch is provided, Word 2000 users can protect themselves by using the Word 2003 Viewer utility to open and view suspicious documents. Installing an add-on that warns Word 2000 users before they're allowed to open documents through the Internet Explorer browser can also help, Microsoft said in the advisory.
On Thursday, Microsoft announced it would release a security update for Office next Tuesday, but didn't divulge the bug(s) that will be patched. A total of 21 fixes have already been issued for Office applications Word, Excel, and PowerPoint during 2006; 19 were pegged as "critical" and several fixed vulnerabilities that had been actively exploited before fixes were in.
Unless Microsoft's time-to-patch has been sped up considerably, it's unlikely the Word 2000 flaw will be the one fixed Tuesday.