James Delahunty
6 Nov 2013 17:33
Microsoft is warning users of some of its Microsoft Office software that a zero-day flaw is being exploited in the wild by attackers.
The flaw affects Microsoft Office 2003, Microsoft Office 2007 on all Windows platforms, and Microsoft Office 2010 on Windows XP or Windows Server 2003.
Microsoft was made aware of attacks using a zero-day flaw in its software mostly in the Middle East and South Asia regions. It involves a specially-crafted Word document that, when opened, would exploit the vulnerability to execute arbitrary code on the system.
"An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," Microsoft said in a security advisory, issued yesterday.
Microsoft has issued a temporary work around in the form of a "Fix It" download that you can get at support.microsoft.com.