Apparently the bad guys haven’t forgotten Office 2000. A new zero-day exploit was found in the 
wild that takes advantage of a previously unknown vulnerability in Microsoft Word 2000.
"The unique thing about this is that attackers have hammered on Office 2003 [lately] but are now going back and catching some of low-hanging fruit in 2000 that hasn’t been patched," says Oliver Friedrichs, a director of the Symantec Secure Response Team, which first detected the new exploit over the weekend.
The exploit comes in the form of a Trojan, Trojan.MDropper.Q, which Symantec first discovered over the weekend. A user has to open the infected file for the attack to succeed, and so far, Symantec has seen a few cases in the wild, but it’s not widespread. Secunia gave the vulnerability its highest ranking of "extremely critical." Dark Reading - Desktop Security - Zero-Day Exploit Targets Word - Security News Analysis
From around the Web
- Windows Vista Service Pack 2 Latest Release Schedule
- Vista SP2: What is inside?
- NetWitness releases free version of security software
- Three Reasons Why Users Won’t Buy Into Security
- Automated security testing & its limitations
- Google Wants to Preinstall Chrome Browser on PCs
- Mozilla warns of Firefox China add on
- Firefox No Longer an Automatic Defense Against Browser Drive Bys
- Google patches Chrome file stealing bug
- Apple plays catch up, adds anti fraud safeguard to Safari
- Researchers find vulnerability in Windows Vista
- How to Use Network Behavior Analysis Tools
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Windows 7 UAC could be less of a nag