US-CERT Alert: Active Exploitation of a Vulnerability in Microsoft Word
May 26, 2006 -- US-CERT is aware of an increase in activity attempting to exploit a vulnerability in Microsoft Word. The exploit is disguised as an email attachment containing a Microsoft Word document. When the document is opened, malicious code is installed on the user's machine. The exploit then attempts to connect to a remote host.
More information about the reported vulnerability can be found in the following:
* Technical Cyber Security Alert: TA06-139A - Microsoft Word Vulnerability
* Vulnerability Note: VU#446012 - Microsoft Word buffer overflow
US-CERT recommends the following actions to mitigate the security risks:
* Install anti-virus software, and keep its virus signature files up-to-date.
* Block executable and unknown file types at the email gateway.
* Review the workarounds described in Microsoft Security Advisory 919637.
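The gateway recommendation above can be sketched as follows. This is an added example, not part of the US-CERT alert: it classifies each attachment by its leading bytes rather than by filename or declared MIME type, and blocks executables and anything unrecognized. The allow-list, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading "magic" bytes mapped to a content label.
MAGIC = {
    b"MZ": "executable",                           # DOS/PE image
    b"\x7fELF": "executable",                      # ELF image
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",   # legacy .doc/.xls/.ppt container
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
}
# Assumed site policy: only these content types are delivered.
ALLOWED = {"ole2", "pdf", "png"}


def sniff(data: bytes) -> str:
    """Classify an attachment by its content, not its name or MIME header."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "unknown"


def gateway_verdicts(raw_message: bytes):
    """Return (filename, detected type, action) for every attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        kind = sniff(data)
        action = "deliver" if kind in ALLOWED else "block"
        verdicts.append((part.get_filename(), kind, action))
    return verdicts


def build_sample() -> bytes:
    """Constructed test message; every attachment is declared as a Word file."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    samples = [("report.doc", b"MZ\x90\x00" + bytes(60)),
               ("minutes.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(56)),
               ("data.doc", b"\x00\x01\x02\x03" * 16)]
    for name, data in samples:
        msg.add_attachment(data, maintype="application", subtype="msword", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for verdict in gateway_verdicts(build_sample()):
        print(verdict)
```

A well-formed Word container still passes this filter, which is why the alert pairs gateway blocking with current anti-virus signatures and the workarounds in the Microsoft advisory.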
Additionally, US-CERT strongly encourages users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments.
We will continue to update current activity as more information becomes available.
Source: US-CERT