‘Patch Tuesday’ looms again: the next scheduled Security Bulletin release is 12th December, so get ready for next week’s patches.
Hopefully, Microsoft will manage to include a patch for the vulnerability currently being exploited in what the company refers to as ‘limited “zero-day” attacks’. The vulnerability is present in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
It seems the attack can only be carried out if a user first opens a malicious Word file which is attached to an email or has been delivered by the attacker in some other way.
Doubtless Microsoft will provide more information as investigations proceed; we’re monitoring the situation. In the meantime, Microsoft is advising its customers as ‘a best practice’, to exercise extreme caution when opening unsolicited attachments from both known and unknown sources.