Microsoft investigates Word flaw

Vulnerability affects versions sold from 2000 through 2006

MSN Tech and Gadgets

Tech Holiday Gift Guide

This holiday season, let the games begin!
Spending time with the whole family this holiday? Here's how to survive: Drink eggnog. Play video games. Check your ego at the door

Best games for kids over 10

Gifts for the hardcore techies

Oddball gifts for techies

Real Women’s Guide to Technology

Getting the most from your HDTV

An MSN special that focuses on consumer technologies that can benefit women.

Pick the perfect mobile phone companion

Why smartphones are so smart

Tech and gadgets videos

'Assassin's Creed 2' a big step forward
Sharpen your hidden blade and get ready to stab some people in the back. It’s time for Assassin’s Creed 2. Msnbc.com reviewer Robert Gonsalves takes a look at the game.

Benefits lost over Facebook pics

Are you ready for the 'Dragon Age'?

On-the-go gadgets to make travel easier

Tony Hawk’s back for a ‘Ride’

Video

Tech Watch
The latest in technology and entertainment news.

Auto Tech

6 high-tech boosts for the auto industry

A better economy may lure buyers, but these trends could seal the deal.

Go to Auto Tech

Most popular

• Most viewed

• Top rated

• Most e-mailed

NYC boy missing for 11 days lived in subways

Italians find proposed lunch ban hard to digest

Flight attendant jets from gray to gorgeous

Obama welcomes Indian prime minister

Report: ‘Cathouse’ star stabbed, slashed, shot

Most viewed on msnbc.com

By Brian Bergstein

updated 9:03 p.m. ET Dec. 6, 2006

A newly disclosed flaw in Microsoft Word could let malicious hackers take control of victims' computers by sending them e-mail with a Word document attached.

Microsoft Corp. informed computer users of the problem Tuesday, though the company classified it as a security "advisory." That makes it a less urgent warning than other security disclosures, though the company is investigating attacks that exploited the vulnerability.

As of Wednesday evening, the company had not released a patch to fix the problem.

Story continues below ↓

advertisement | your ad here

The vulnerability affects versions of Microsoft Word sold from 2000 through 2006. Microsoft Word 2007, which is currently available only to businesses, is not vulnerable, the company said.

To fall prey, a computer user would have to open a Word document attached to an e-mail. Microsoft advised people not to open or save attachments from unknown correspondents. Security experts consider that standard e-mail advice under any circumstances, but Microsoft also suggested rejecting unsolicited attachments even from friends and colleagues.

This vulnerability appeared no more dangerous than other flaws that have emerged previously in Microsoft Office applications, said Dan Hubbard, vice president of security research at Websense Inc.

Even so, the threat is worth taking seriously, said Justin Bingham, chief technology officer for network monitoring company Intrusic Inc.

He noted that it would be very easy for a con artist to call someone in a company, state a legitimate-sounding pretense _ posing as a vendor or a jobseeker, for example _ and then send an e-mail with an benign-seeming Word attachment that exploited the security hole.

"The gravity of this problem is very big," he said. He added that when Microsoft issues a patch for the security hole, companies should install it immediately rather than waiting until their next regularly scheduled update.