Microsoft admits Word users are at risk from critical Jet vulnerability
Please support our Hardware and Software advertiser: Programming Forums
Mar 24th, 2008, 7:20 am
According to reports it would appear that Microsoft has confirmed the presence of a critical vulnerability which impacts upon users of MS Word for Windows 2000, XP and Server 2003 SP1. Shame it has taken many weeks for Microsoft to admit this, and only after a second security vendor recently discovered in the wild exploits.
The vulnerability exploits bugs in the Microsoft Jet Database Engine, Jet.dll, and Symantec has stated that the attacks have been described by its own Security Response team as using malicious Word 2000, 2002, 2003 and 2007 documents to call the Windows component.
Another security outfit, Panda, claims to have blogged about the vulnerability some three weeks back but accuse Microsoft of dismissing the in-the-wild-exploits reports by saying "they would not fix these mdb vulnerabilities" which researcher Ismael Briones reckons is part of some bizarre policy not to acknowledge vulnerabilities which are from .mdb files.
Indeed, to back up the claims, the report quotes an email response from Microsoft which states "You appear to be reporting an issue with a file type Microsoft considers to be unsafe. Many programs, such as Internet Explorer and Outlook, automatically block these files."
The vulnerability exploits bugs in the Microsoft Jet Database Engine, Jet.dll, and Symantec has stated that the attacks have been described by its own Security Response team as using malicious Word 2000, 2002, 2003 and 2007 documents to call the Windows component.
Another security outfit, Panda, claims to have blogged about the vulnerability some three weeks back but accuse Microsoft of dismissing the in-the-wild-exploits reports by saying "they would not fix these mdb vulnerabilities" which researcher Ismael Briones reckons is part of some bizarre policy not to acknowledge vulnerabilities which are from .mdb files.
Indeed, to back up the claims, the report quotes an email response from Microsoft which states "You appear to be reporting an issue with a file type Microsoft considers to be unsafe. Many programs, such as Internet Explorer and Outlook, automatically block these files."
•
•
•
•
This blog entry was written by Bill Andad, staff writer aka newsguy. It has been filed under the Hardware and Software category. It has received 1,545 views, 0 comment(s), and 22 linkbacks. It was promoted to featured news status Mar 24th, 2008.
Related Blog Entries
- Hotz does it again, iPhone 3GS is jailbroken!!! (2 Days Ago)
- Yahoo Announces 'Green' Data Center Powered by Niagara Falls (3 Days Ago)
- Neverland is Your Virtual Linux Playground (3 Days Ago)
- Pink iPhone 3GS is hot stuff (3 Days Ago)
- Sarah Palin Hacked Off (4 Days Ago)
Related Forum Threads
- Microsoft Word 2007 Does not start up (Windows Software)
- Microsoft Word abnormal termination (Windows Software)
- Microsoft Word: Can't change margin (Windows Software)
- Automate Microsoft Word From VB6 (Visual Basic 4 / 5 / 6)
- Microsoft Word Spelling Dll (Windows NT / 2000 / XP / 2003)
- Where did my Microsoft Word Clip Art go? (Windows Software)
- Microsoft word starting up in OS 9 (Mac Software)