Microsoft Word Vulnerability Exploit Through Jet Database: Word Up on Security Hole   3/25/2008


Microsoft has announced this week a security hole in MS Word - well, actually it’s in the Jet Database engine, but that creates a vulnerability in MS Word, which attackers can exploit to gain remote access and control of your computer. Nearly all versions of Windows, including XP, 2000 (2K) and many Windows Server editions, are vulnerable. In fact the only versions of Windows not vulnerable to this attack are Vista, and Windows Server 2003 SP2.

As Microsoft works further to reduce the vulnerability of their operating system to attack, so have the fraudsters, phishers and fly-by-nights changed their attempts to access your data or gain control of your machine. Over the past few years, attackers have moved their focus to Office applications, piggybacking Trojans and other malevolent payloads in files that all too many Pointy-Headed Bosses click on without thinking of the potentially disastrous consequences. Between 2002 and 2006, fewer than 10 high-severity issues were reported in the Office suite of applications annually. But last year alone some 26 were reported, some of which were used to target corporations, political organizations, government agencies and parts of the US military.

Microsoft issued a Security Advisory late last week (950627, entitled Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution), warning of reported attempts to use a vulnerability in the Microsoft Jet Database Engine, exploited through Microsoft Word. If this attack is successful on your machine, the attacker can gain the same user rights as the local user (i.e. you); yet one more reason to use administrator privileges only to actually administer your machine, and to use normal user privileges when you’re being a normal user.

The good news: if you’re on Vista (with or without SP1) or Windows Server 2003 SP2, you are invulnerable to this particular attack.

The bad news: all other operating systems (2000, XP, or Windows Server 2003 SP1) are not.

What can you do to minimize the risk of becoming a victim of this type of attack? If you receive an email with a Word file and a Jet database file (which may or may not have the default extension .mdb), both perhaps archived in a ZIP file, consider the email unsafe and do not click on the attachments. Microsoft email programs won’t directly open the database, because Microsoft considers them insecure, but the email program will save files to a directory, and if you then take the explicit action to open the Word document, the database file will be indirectly opened too, and … you’re now compromised.
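The attachment pattern described above can be checked mechanically on a saved ZIP attachment. This is an added example, not code from the original article or from Microsoft: it identifies files by their header bytes rather than by extension, since the database may not be named .mdb. The function names and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Header bytes: OLE2 compound file (Word/Excel/PowerPoint 97-2003) and Jet 3/4 database.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
JET_MAGIC = b"\x00\x01\x00\x00Standard Jet DB"

def classify(head: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if head.startswith(JET_MAGIC):
        return "jet"
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    return "other"

def scan_zip(data: bytes) -> dict:
    """List the Office and Jet members of a ZIP and flag the risky pairing."""
    found = {"ole2": [], "jet": [], "disguised_jet": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                kind = classify(fh.read(len(JET_MAGIC)))
            if kind == "other":
                continue
            found[kind].append(info.filename)
            # A Jet header under any name other than .mdb is worth calling out.
            if kind == "jet" and not info.filename.lower().endswith(".mdb"):
                found["disguised_jet"].append(info.filename)
    # Office document and Jet database together: treat the archive as unsafe.
    found["quarantine"] = bool(found["ole2"] and found["jet"])
    return found

def build_sample(members: dict) -> bytes:
    """Build a constructed ZIP in memory from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: header bytes padded with zeros, no real document content.
SUSPECT = build_sample({
    "invoice.doc": OLE2_MAGIC + b"\x00" * 64,
    "data.txt": JET_MAGIC + b"\x00" * 64,  # Jet header under a non-.mdb name
})
BENIGN = build_sample({"homework.doc": OLE2_MAGIC + b"\x00" * 64})

if __name__ == "__main__":
    print(scan_zip(SUSPECT))
    print(scan_zip(BENIGN))
```

A lone Word file, as in the second sample, is not flagged; only the combination of an Office document with a Jet database is.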

And, of course, as we always preach, generally don’t open any attachments, at least until you confirm that the person who purportedly sent them - who had better be someone that you know - actually sent them.

Don’t fall prey to this kind of attack. This particular exploit happens to use Word as the indirect method of opening the database payload, but it could equally well have been PowerPoint or Excel. To quote Microsoft: “users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.” Andy Grove was much more succinct: “only the paranoid survive.”

Wherever your particular comfort level may be, remain constantly vigilant for attempts to trick you into doing something you’ll later regret. Follow good email practice, and be safe.


3 Comments »

  1. I teach a weekend class. My students (some of whom are newbies) send me attachments. What am I supposed to do now? If their machines are infected, most would not know.

    Comment by Sally — 3/25/2008 @ 12:19 pm

  2. apple, hp, compaq, microsoft, dell.. thanks for nothing.

    Comment by margaret — 3/25/2008 @ 3:56 pm

  3. To Sally:

    Do your students need to send you doc files from Word? If they don’t, ask for PDF files, which though not immune to compromise seem to have escaped many of them, at least until now.

    If they’ve got to send you Word files, accept and view only single Word files. This particular security alert relates to the combination of a Word file and another (which may or may not have the mdb extension).

    If you’re on XP/2k, and your version of Msjet40.dll is lower than 4.0.9505.0, you’re vulnerable.

    Suggestion: McAfee DAT files version 5256 (released March 20) detect all known Access exploits as Exploit-MSJet. If you don’t use McAfee, check with your anti-virus provider.

    Comment by Grumpy Old Man — 3/25/2008 @ 7:19 pm
