What's the problem with Microsoft Word?

2008 HowStuffWorks
In 2006 and 2007, major security flaws were discovered in Microsoft Word.

In the last two months of 2006 alone, at least four major security flaws involving Microsoft Word were revealed. All are "zero day" flaws, meaning Microsoft and security organizations became aware of them at the same time that destructive hackers became aware of them. In many "zero day" cases, it's the exploitation of the flaw that brings it to the attention of the software companies; in other cases, the software companies announce the flaw and hackers immediately take advantage of it before a patch can be released. The strange thing about these Word problems is that almost eight weeks after the flaws were exploited by attackers, Microsoft still hadn't released a patch to fix them.

The first in this string of security holes popped up in early December 2006. This flaw affects computers running Word 2000, 2002 and 2003; Word 2004 for Mac and Word 2004 version X for Mac; Word Viewer 2003; and Microsoft Works 2004, 2005 and 2006. An attacker hides a piece of code in a Word document and puts it on a Web site for download or sends it out as an e-mail attachment. When a user downloads or opens the document, the attacker can remotely control the user's computer and execute a wide array of code under the user's own login. This flaw came to Microsoft's attention on December 5, 2006, when people started reporting attacks.

A second, previously unknown flaw started to draw attention just a week later, this one also allowing a remote attacker to take control of a user's PC. According to Microsoft, though, this flaw exploits an entirely different security hole -- one that opens when Word undergoes a specific error. Apparently, this attack doesn't require a user to download a malicious file; it only requires the Word program on the person's computer to experience this error, at which point an attacker can enter the system and run malicious code. It affects Word 2000, 2002 and 2003 and Word Viewer 2003.

Software flaws can cause a lot of problems through malicious hacking.

Security experts have attributed these two security holes to memory-corruption flaws in the Word programs. Days later, a third flaw was revealed. This one also allows for remote access and control of a user's machine and has been tied to a buffer-overflow problem in Word. It came to public attention when a software expert called "Disco Johnny" published proof-of-concept code on the Web that showed how a malicious hacker could exploit it, essentially providing instructions for running an attack in addition to showing Microsoft it has yet another problem.

And about five weeks later, on January 25, a fourth security hole became the subject of a malicious attack that begins when a user opens a rigged Word file sent as an e-mail attachment and has similar results to the previous attacks: Remote access and control of an entire system if it's running Word 2000. If the computer is running Word 2003 or Word XP, it only crashes the computer, as opposed to opening it up to remote control.

These four issues were only the latest in a series of attacks exploiting previously undiscovered flaws in a wide array of Microsoft Office applications. In September 2006, hackers started exploiting another zero-day Word flaw, this one only affecting Word 2000. A user had to open an infected Word 2000 document using the Word 2000 program in order for the virus, MDropper.Q, to drop a piece of code in the user's PC. This allowed a remote attacker to take control of the infected PC.

Microsoft recommends installing multiple layers of security software and updating the versions vigilantly. Beyond that, we can only use the wariness we've become accustomed to when opening attachments or downloading files, with an extension into a traditionally safer area: Now, if it ends with .doc, don't touch it unless you know and trust the source.
