Microsoft Word Vulnerability Exploit Through Jet Database: Word Up on Security Hole - 1,677 Views, 3 Comments
|
Previous Article « Has Safari Suddenly Appeared on Your Windows XP or Windows Vista Machine? Surprise!
Read Next Article » Companies That End Run Pop-Up Blocking to Shove Their Advertising Down Your Throat, and How to Stop Them
Microsoft has announced this week a security hole in MS Word - well, actually it’s in the Jet Database engine, but that creates a vulnerability in MS Word, which attackers can exploit to gain remote access and control of your computer. Nearly all versions of Windows, including XP, 2000 (2K) and many Windows Server editions, are vulnerable. In fact the only versions of Windows not vulnerable to this attack are Vista, and Windows Server 2003 SP2. As Microsoft works further to reduce the vulnerability of their operating system to attack, so have the fraudsters, fishers and fly-by-nights changed their attempts to access your data or gain control of your machine. Over the past few years, attackers have moved their focus to Office applications, piggybacking Trojans and other malevolent payloads in files that all too many Pointy-Headed Bosses click on without thinking of the potentially disastrous consequences. Between 2002 and 2006, fewer than 10 high-severity issues were reported in the Office suite of applications annually. But last year alone some 26 were reported, some of which were used to target corporations, political organizations, government agencies and parts of the US military. Microsoft issued a Security Advisory late last week (950627, entitled Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution), warning of reported attempts to use a vulnerability in the Microsoft Jet Database Engine, exploited through Microsoft Word. If this attack is successful on your machine, the attacker can gain the same user rights as the local user (i.e. you); yet one more reason to use administrator privileges only to actually administer your machine, and to use normal user privileges when you’re being a normal user. The good news: if you’re on Vista (with or without SP1) or Windows Server 2003 SP2, you are invulnerable to this particular attack. The bad news: all other operating systems (2000, XP, or Windows Server 2003 SP1) are not. What can you do to minimize the risk of becoming a victim of this type of attack? If you receive an email with a Word file and a Jet database file (which may or may not have the default extension .mdb), both perhaps archived in a ZIP file, consider the email unsafe and do not click on the attachments. Microsoft email programs won’t directly open the database, because Microsoft considers them insecure, but the email program will save files to a directory, and if you then take the explicit action to open the Word document, the database file will be indirectly opened too, and … you’re now compromised. And, of course, as we always preach, generally don’t open any attachments, at least until you confirm that the person who purportedly sent them - who had better be someone that you know - actually sent them. Don’t fall prey to this kind of attack. This particular exploit happens to use Word as the indirect method of opening the database payload, but it could equally well have been Powerpoint or Excel. To quote Microsoft: “users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.” Andy Grove was much more succinct: “only the paranoid survive. ” Wherever your particular comfort level may be, remain constantly vigilant for attempts to trick you into doing something you’ll later regret. Follow good email practice, and be safe.
Follow Anne on Twitter
Friend Anne on Facebook
Microsoft Word Vulnerability Exploit Through Jet Database: Word Up on Security Hole
Twitter Explained in Plain English
Previous Article « Has Safari Suddenly Appeared on Your Windows XP or Windows Vista Machine? Surprise!
Read Next Article » Companies That End Run Pop-Up Blocking to Shove Their Advertising Down Your Throat, and How to Stop Them
Read more:
» 3 New Windows Security Bulletins for July, Many Systems Affected
» Hole in Microsoft Word for Windows and Mac Allows Attack from Internet
» Security Hole in Word Allows Attack Through Email with Ginwui.a Trojan
» Security Hole in Microsoft Excel
For additional similar stories check out our archives on Microsoft, Security
NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.
I teach a weekend class. My students (some of whom are newbies) send me attachments. What am I supposed to do now? If their machines are infected, most would not know.
Comment by Sally — 3/25/2008 @ 12:19 pm
apple, hp, compaq, microsoft, dell.. thanks for nothing.
Comment by margaret — 3/25/2008 @ 3:56 pm
To Sally:
Do your students need to send you doc files from Word? If they don’t, ask for PDF files, which though not immune to compromise seem to have escaped many of them, at least until now.
If they’ve got to send you Word files, accept and view only single Word files. This particular security alert relates to the combination of a Word file and another (which may or may not have the mdb extension).
If you’re on XP/2k, and your version of Msjet40.dll is lower than 4.0.9505.0, you’re vulnerable.
Suggestion: McAfee DAT files version 5256 (released March 20) detect all known Access exploits as Exploit-MSJet. If you don’t use McAfee, check with your anti-virus provider.
Comment by Grumpy Old Man — 3/25/2008 @ 7:19 pm