Monday, May 22, 2006

Zero-day Word flaw used in attack

CNET "A new, yet-to-be-fixed security hole in Microsoft Word exposes computer users to cyberattack, Symantec warned Friday.
Would-be intruders already have attempted to compromise PCs at a Japanese government entity by exploiting the flaw, Vincent Weafer, the senior director at Symantec Security Response, said in an interview. In response, Symantec has raised its ThreatCon to Level 2, which means an outbreak is expected.
'What we're seeing is a continuation of the targeted threat using zero-day vulnerabilities,' Weafer said. (Zero-day flaws are ones for which no patch exists.) 'We got it from a single large customer inside Japan. We have not seen anyone else get it.' "

No comments: