dbarrow
05-21-2006, 11:35 AM
http://www.betanews.com/article/Critical_Word_Vulnerability_Uncovered/1148075271
Security researchers have discovered a zero-day vulnerability in Microsoft Word, which is already being actively exploited by hackers in China and Taiwan. Microsoft's Security Response Center says it is working with antivirus vendors to prevent attacks and plans to release a security patch on June 13. ...
...F-Secure has dubbed the trojan "Ginwui.A" and says it allows a hacker to: create, read, write, delete and search for files and directories; access and modify the Registry; manipulate services; start and kill processes; and more.
Symantec, meanwhile, has raised its ThreatCon Level to 2 following news of the exploit. "The DeepSight Threat Analyst team advises administrators to block Microsoft Word document email attachments at the network perimeter," the company said. "Furthermore, use extreme caution while processing Microsoft Word attachments received via unexpected email."
REPEAT>>>>>>
"Furthermore, use extreme caution while processing Microsoft Word attachments received via unexpected email."
Doug's rule for email transfer of files:
#1: Notification email
First, send a notification email to warn of a following email with an attachment, i.e.:
Dear X, I am sending you a following email with the file attachment you requested.
The file name is xxx.doc, size xxxx
This file has been scanned with Nod32 AV and found to be clean.
#2: Send the email with attachment with header
ATTACHED FILE xxx.doc
As a general rule, I will immediately trash any email that contains any kind of attachment unless I first receive a notification that it is coming, what the file name is, and the size of the file.
If you are going to send emails with attachments, follow this procedure and be sure to manually scan the file before attaching, even though it will be scanned again by your AV on the way out, just to be sure.
Never use the preview pane in OE or Outlook.
Even if you know the name of the sender, do not open any email with attached files unless you first receive notification one is coming and what it contains.
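The notify-then-send rule in the post above can be checked mechanically on the receiving side. The sketch below is an added example, not part of the original post: it reads the announced file name and size out of a notification email and trashes any attachment that was not announced or whose size differs. The addresses, the sample messages and the reading of "size" as a byte count are assumptions.

```python
import re
from email.message import EmailMessage

# Wording from the post: "The file name is xxx.doc, size xxxx".
# Assumption: the size is a byte count.
NOTICE_RE = re.compile(r"The file name is (?P<name>\S+), size (?P<size>\d+)")

def announced_files(notice: EmailMessage) -> dict:
    """Map (sender, filename) -> size for each file a notification announces."""
    sender = str(notice["From"])
    return {(sender, m["name"].lower()): int(m["size"])
            for m in NOTICE_RE.finditer(notice.get_content())}

def triage(msg: EmailMessage, announced: dict) -> str:
    """Return 'deliver' only if every attachment was announced with a matching size."""
    sender = str(msg["From"])  # From is unauthenticated; a known name alone proves nothing
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        size = len(part.get_payload(decode=True) or b"")
        if announced.get((sender, name)) != size:
            return "trash"
    return "deliver"

def build(sender, subject, body, attachment=None):
    """Construct a sample message (hypothetical addresses)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "doug@example.org", subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment[1], maintype="application",
                           subtype="msword", filename=attachment[0])
    return msg

# Constructed sample data: a 512-byte stand-in for a .doc file.
DOC = b"\xd0\xcf\x11\xe0" + b"\x00" * 508
ALICE = "alice@example.org"
NOTICE = build(ALICE, "File on the way",
               "Dear X, I am sending you a following email with the file attachment "
               "you requested.\nThe file name is report.doc, size 512\n")
ANNOUNCED = announced_files(NOTICE)
EXPECTED = build(ALICE, "ATTACHED FILE report.doc", "As promised.", ("report.doc", DOC))
SURPRISE = build(ALICE, "Invoice", "See attached.", ("invoice.doc", DOC))
RESIZED = build(ALICE, "ATTACHED FILE report.doc", "As promised.", ("report.doc", DOC + b"!"))

if __name__ == "__main__":
    for label, m in (("expected", EXPECTED), ("surprise", SURPRISE), ("resized", RESIZED)):
        print(label, triage(m, ANNOUNCED))
```

A size match only shows the attachment is the one that was announced; it does not show the file is clean, so the scan step in the rule still applies.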