March 22, 2008 (Computerworld)
Microsoft Corp. yesterday warned of a critical vulnerability that affects users of Word running on Windows 2000, XP and Server 2003 SP1 -- several weeks after one security company first reported an exploit and a day after a second vendor confirmed ongoing attacks.
In an advisory posted Friday, Microsoft acknowledged "public reports of very limited, targeted attacks" that exploit a bug in the Microsoft Jet Database Engine, a Windows component that provides data access to applications including Microsoft Access and Visual Basic.
According to Symantec Corp., however, the attacks Microsoft described used malicious Word 2000, 2002, 2003 and 2007 documents, which in turn call up the vulnerable Jet .dll (Dynamic Link Library file).
"We believe that the issue being described [by Microsoft] is one described on March 20, 2008, by Elia Florio of Symantec Security Response," the security firm told customers of its DeepSight threat-analysis network on Saturday. "He notes a recent discovery, by Panda Security, of a possible zero-day exploit observed in the wild."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9070840
I commend Microsoft for their swift movement on fixing this infectious bug that is going around. If everyone company took action after just two complaints, maybe they would be raking in $50 billion a year in revenue
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment