On May 19, Symantec identified a new flaw in Word that exposes users to malicious software that opens a “back door” into their computers. Yesterday, Microsoft released a security advisory that recommends running Word in safe mode until a patch can be made available in mid-June.
The flaw is exploited when you double-click on a Word file attached to an email message. The threat is not theoretical. A large Japanese enterprise has been attacked, and Symantec has raised warning levels to Level 2, meaning a large outbreak is expected.
According to News.com:
The malicious software arrives as a Microsoft Word file attachment to an e-mail message. When the document is opened by the user, the vulnerability is triggered. In the Japanese case, the Word document actually displayed some text related to a treaty with China, but while the text was displayed, a backdoor was installed on the system, Weafer said. Backdoor software allows intruders to enter computers surreptitiously.
“The backdoor in turn pings an IP address located in Asia. It just pings to say it is available, but then, of course, you have a backdoor on your system,” he said.
The vulnerability was confirmed in Word 2003, Symantec said. The malicious file caused Word 2000 to crash, but did not run the malicious payload, it added.
Now, Microsoft is advising users to run Word in safe mode. This doesn’t fix the vulnerability, but it does forestall most known modes of attack. In addition to running in safe mode, NEVER double-click on a Word attachment in an email message. Enterprise users can double-click on Word files in Outlook, but not in other clients such as Hotmail.
To run in safe mode, disable Outlook’s option to use Word as the email editor and append /safe to the WINWORD.exe command line.
Detailed instructions on how to do this are available in the “Workarounds” section of the security advisory.