Friday, January 26, 2007

New Unpatched Zero-Day in Microsoft Word

US-CERT is investigating reports of a new Microsoft Word vulnerability affecting Word 2000 and Word 2003/XP. Earlier today, Symantec published an alert indicating that the vulnerability could be exploited to allow an attacker to execute arbitrary code in the context of the user who is logged in. Details of the vulnerability are not yet clear; however, the alert indicated that exploitation is occurring in the wild.

Until more information becomes available, US-CERT recommends the following actions to help mitigate the security risks:
  • Do not open untrusted Word documents or attachments from unsolicited email messages.
  • Disable automatic opening of Microsoft Office documents.
  • Do not rely on file name extensions as a way to securely filter against malicious files.
  • Install anti-virus software and keep its virus signature files up-to-date.
  • Save and scan any attachments before opening them.
  • Limit user privileges so that users do not run with administrator rights.
US-CERT will continue to investigate and provide additional information as it becomes available.
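
The recommendation not to rely on file name extensions can be put into practice by identifying documents from their content before deciding how to handle them. The following is an added example, not part of the US-CERT guidance or the original post; the function names, decision labels, extension list and sample bytes are constructed for illustration.

```python
import os
import struct

# OLE2 compound file signature: the container used by Word 2000/2003
# binary documents (and shared with other Office formats).
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
RTF_MAGIC = b"{\\rtf"                        # RTF, which Word also opens
WORD_EXTENSIONS = {".doc", ".dot", ".rtf"}  # assumed policy list


def sniff_container(data):
    """Identify content Word will parse, ignoring the file name.

    Returns "ole2", "rtf" or None.
    """
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if len(data) >= 512 and data.startswith(OLE2_MAGIC):
        # Header fields at offset 24: minor version, major version,
        # byte-order mark, sector shift (all little-endian uint16).
        _minor, major, bom, shift = struct.unpack_from("<HHHH", data, 24)
        if bom == 0xFFFE and (major, shift) in {(3, 9), (4, 12)}:
            return "ole2"
    return None


def filter_decision(filename, data):
    """Hypothetical gateway policy: classify by content, then check the name."""
    kind = sniff_container(data)
    ext = os.path.splitext(filename)[1].lower()
    if kind and ext in WORD_EXTENSIONS:
        return "scan-as-document"
    if kind:
        return "flag-extension-mismatch"   # document content, misleading name
    if ext in WORD_EXTENSIONS:
        return "scan-unrecognized-content"  # named like a document, is not one
    return "not-a-document"


def make_sample_ole2():
    """Constructed 512-byte OLE2 header (version 3, 512-byte sectors)."""
    header = OLE2_MAGIC + bytes(16) + struct.pack("<HHHH", 0x3E, 3, 0xFFFE, 9)
    return header.ljust(512, b"\x00")


if __name__ == "__main__":
    sample = make_sample_ole2()
    for name, blob in [("report.doc", sample), ("notes.txt", sample),
                       ("letter.jpg", b"{\\rtf1\\ansi hello}"),
                       ("empty.doc", b"plain text")]:
        print(name, "->", filter_decision(name, blob))
```

A filter that looks only at the name would pass `notes.txt` and `letter.jpg` untouched, even though both carry content that Word will parse if the file is renamed or opened from within Word.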
