In the week leading up to 12 December 2006, two new Microsoft Word zero-day vulnerabilities became public (Word I, Word II). Microsoft’s December Patch Tuesday fell on December 12, but this cocktail of Microsoft’s patches did not include fixes for the two new Word flaws. To make matters worse, on December 12, a third zero-day Word flaw was released (Word III).
Although one could argue that the December 12 release of a new Microsoft flaw was only a coincidence, it fits the trend of the disclosure of Microsoft vulnerabilities on or just after a Patch Tuesday. November’s trend-fitter, a vulnerability in Microsoft Active Directory, did not include a public proof-of-concept; this month’s trend-fitter, however, does have a public proof-of-concept.
So the Word zero-day trio has a window of exposure of at least a month. Please stay secure as we continue to protect our customers against such attacks.

December 16th, 2006 at 10:00 am
[…] A text file that accompanied the exploit described it as a two-stage proof-of-concept Word document. Security firms Symantec–the owner of SecurityFocus–and McAfee both confirmed the exploitability of the security bug, with McAfee noting that the issue appears to match a trend of publishing flaw information near Microsoft’s Tuesday release of software updates. […]
December 17th, 2006 at 12:08 pm
Do the McAfee patterns that detect these three threats provide heuristic detection? I am particularly interested in protection against email-borne threats.
Cheers,
si
December 18th, 2006 at 5:31 am
Do you have anti-virus detection signatures available for all three avenues of attack exploiting these vulnerabilities?
Do they only detect the proof-of-concept or also possible variants?
What is the latest required VirusScan DAT file to stay protected from this trio?
December 18th, 2006 at 6:25 am
OpenOffice 2.1 also is vulnerable to Word III.