
Bardissi Enterprises Blog


WatchGuard: Attackers Exploiting Zero Day Microsoft Word 2002 Flaw

Severity: Medium

9 July, 2008


Summary:

- These vulnerabilities affect: Microsoft Word 2002 with SP3. No other versions of Word are affected.

- How an attacker exploits them: By enticing one of your users into downloading and opening a malicious Word document

- Impact: An attacker can execute code, potentially gaining complete control of your user’s computer

- What to do: Implement workarounds found in the “Solution Path” section below

Exposure:

In a security advisory quietly released during Patch Day, Microsoft warns of a serious unpatched vulnerability in Word 2002 with Service Pack 3 (SP3) that attackers have begun exploiting on the Internet. Since they just discovered this vulnerability in the wild, Microsoft doesn’t describe it in any technical detail. However, they do describe how an attacker might leverage the new vulnerability: By enticing one of your users into opening a maliciously crafted Word document, an attacker could exploit this flaw to execute code on that user’s machine, with that user’s privileges. If the user has local administrator rights, the attacker would gain full control of the user’s machine.

Since attackers have already begun leveraging this flaw in the wild (in what Microsoft describes as targeted attacks), we highly recommend you implement one of the workarounds suggested below.

Solution Path:

Microsoft has not had time to release a patch yet for this vulnerability. We will update this alert as soon as they do. Until that time, you can mitigate the risk of this vulnerability in the following ways:

- Inform your users of this breaking vulnerability. Warn your users of this new flaw and remind them to avoid saving or opening unsolicited Word documents, whether or not they trust the source of the document. If they receive an unsolicited document from someone they trust, they should contact that source first, to ensure that the document is indeed legitimate.

- Keep your antivirus (AV) software up-to-date. Many AV products will eventually release signatures for this new threat, if they haven’t done so already. Be sure to set your AV software to update automatically, so you’ll get those updates as soon as possible.

- Block Word documents at your perimeter. Some perimeter security devices, including WatchGuard’s Firebox line, are able to block certain types of content at your gateway. If you like, you can set these devices to block all Word files that arrive via HTTP, SMTP, or FTP. (Of course, some businesses need to receive Word files on a daily basis; in that case, you can either skip this workaround, or have legitimate senders zip their Word files before sending them.)
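
The perimeter workaround above matches Word files by name. The following added example (not part of the WatchGuard advisory and not a Firebox feature) shows a mail-side check that flags attachments by extension and also by the OLE2 header bytes that Word 97-2003 binary documents begin with, so a renamed .doc is still caught. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# OLE2 compound-file signature: the first 8 bytes of a Word 97-2003 .doc.
# Legacy Excel and PowerPoint files share this container, so a match means
# "legacy Office container", not specifically Word.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
BLOCKED_EXTENSIONS = (".doc", ".dot")


def flag_attachments(raw_message: bytes):
    """Return [(filename, reason)] for attachments a Word block should stop."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(BLOCKED_EXTENSIONS):
            findings.append((name, "extension"))
        elif payload.startswith(OLE2_MAGIC):
            # Extension looks harmless but the content is an OLE2 container.
            findings.append((name, "ole2-signature"))
    return findings


def build_sample() -> bytes:
    """Constructed test message: header bytes only, no real document content."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    fake_doc = OLE2_MAGIC + b"\x00" * 64
    msg.add_attachment(fake_doc, maintype="application",
                       subtype="msword", filename="report.doc")
    msg.add_attachment(fake_doc, maintype="application",
                       subtype="octet-stream", filename="invoice.txt")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in flag_attachments(build_sample()):
        print(f"BLOCK {filename} ({reason})")
```

Zipped attachments pass this check unchanged, which matches the advisory's suggestion that legitimate senders zip their Word files.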

For All WatchGuard Users:

Many of WatchGuard’s Firebox models allow you to prevent your users from accessing Word (.doc) files via the web (HTTP) or email (SMTP, POP3). So, you can temporarily mitigate the risk of this vulnerability by blocking .doc files using your Firebox’s proxy services (video instructions below). Again, if blocking Word documents will disrupt your business, you can skip this workaround or ask legitimate senders to zip their Word files.

If you choose to block Word documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block .doc files by their file extensions:

- Firebox X Edge running 10.x
  - How do I block files with the FTP proxy? (Video, 2:30)
    Windows Media, 17.4MB / QuickTime, 11.8MB
  - How do I block files with the HTTP proxy? (Video, 2:52)
    Windows Media, 32MB / QuickTime, 28.6MB
  - How do I block files with the POP3 proxy? (Video, 2:35)
    Windows Media, 17.6MB / QuickTime, 16.5MB
  - How do I block files with the SMTP proxy? (Video, 2:18)
    Windows Media, 12.2MB / QuickTime, 9.1MB

- Firebox X Core and X Peak running Fireware 10.x
  - How do I block files with the FTP proxy? (Video, 2:30)
    Windows Media, 25.2MB / QuickTime, 9.1MB
  - How do I block files with the HTTP proxy? (Video, 2:52)
    Windows Media, 38.2MB / QuickTime, 10.7MB
  - How do I block files with the POP3 proxy? (Video, 2:35)
    Windows Media, 23.2MB / QuickTime, 10.1MB
  - How do I block files with the SMTP proxy? (Video, 2:18)
    Windows Media, 25.6MB / QuickTime, 9.0MB

Status:

Microsoft hasn’t had time to release a patch for this zero day vulnerability. We will inform you when they do.

References:

Microsoft Word 2002 Security Advisory 07-08

 
