Microsoft has disclosed a unpatched security glitch in Word 2002 (Office XP) only,
Microsoft has disclosed a unpatched security glitch in Word 2002 (Office XP) – that’s the bad news.
The good news is that the problem seems limited to only Word 2002. Later versions of Word (2003, 2007, Word viewers and Office for Mac) are NOT affected.
The specifics of the security hole aren’t being disclosed, for obvious reasons, however generally the problem is yet another ‘remote execution’ attack which we’ve seen many times before. A Word document can be hacked in a special way to allow a small program to be run on any computer opening that document. The program can then allow remote access to your computer for all manner of unwanted purposes.
Microsoft is being specific that the problem affects Word 2002 Service Pack 3, but that should not be taken to mean that Word 2002 with earlier service packs (or none) are immune.
With Word 2000 (Office 2000) Microsoft is having edging their bets. In the security advisory as it stands, they are saying that Word 2000 “does not appear to be vulnerable” (our italics) but then it’s in the ‘Non-affected software’ list. That because an infected document might cause Word 2000 to crash.
There’s no timetable for a patch so in the meantime all Word 2000 users can do is be careful when opening documents – which is good advice for all Office users at any time.
