Microsoft investigates Word flaw

Vulnerability affects versions sold from 2000 through 2006

MSN Tech and Gadgets

Great tech gadgets: When spouses collide

Tech Holiday Gift Guide

Top 10 Black Friday Web sites
Here's a list of Web sites you'll want to keep an eye on for Black Friday deals, so sync them across your computers with Chrome bookmarks, save them to delicious or just store them in your favorite browser.

When spouses collide: His and hers gadgets

This holiday season, let the games begin!

Best games for kids over 10

Real Women’s Guide to Technology

Getting the most from your HDTV

An MSN special that focuses on consumer technologies that can benefit women.

Pick the perfect mobile phone companion

Why smartphones are so smart

Tech and gadgets videos

Hot tech gifts
Nov. 29: The Washington Post's Rob Pegoraro gives Msnbc's Alex Witt a rundown of some of the hottest tech gifts for the holiday shopping season.

Border crossing app causes concern

Hot holiday gifts

Hot hamster poised to be holiday hit

Cell application aids in border crossings

Video

Tech Watch
The latest in technology and entertainment news.

Auto Tech

6 high-tech boosts for the auto industry

A better economy may lure buyers, but these trends could seal the deal.

Go to Auto Tech

Most popular

• Most viewed

• Top rated

• Most e-mailed

Chelsea Clinton to wed next summer

Aerialist in L.A. mall show survives fall

Suspect in cop-killings eludes police dragnet

Slideshow: History of presidential weddings

Ex-Ohio autoworker tried for 27,900 deaths

Most viewed on msnbc.com

By Brian Bergstein

updated 9:03 p.m. ET Dec. 6, 2006

A newly disclosed flaw in Microsoft Word could let malicious hackers take control of victims' computers by sending them e-mail with a Word document attached.

Microsoft Corp. informed computer users of the problem Tuesday, though the company classified it as a security "advisory." That makes it a less urgent warning than other security disclosures, though the company is investigating attacks that exploited the vulnerability.

As of Wednesday evening, the company had not released a patch to fix the problem.

Story continues below ↓

advertisement | your ad here

The vulnerability affects versions of Microsoft Word sold from 2000 through 2006. Microsoft Word 2007, which is currently available only to businesses, is not vulnerable, the company said.

To fall prey, a computer user would have to open a Word document attached to an e-mail. Microsoft advised people not to open or save attachments from unknown correspondents. Security experts consider that standard e-mail advice under any circumstances, but Microsoft also suggested rejecting unsolicited attachments even from friends and colleagues.

This vulnerability appeared no more dangerous than other flaws that have emerged previously in Microsoft Office applications, said Dan Hubbard, vice president of security research at Websense Inc.

Even so, the threat is worth taking seriously, said Justin Bingham, chief technology officer for network monitoring company Intrusic Inc.

He noted that it would be very easy for a con artist to call someone in a company, state a legitimate-sounding pretense _ posing as a vendor or a jobseeker, for example _ and then send an e-mail with an benign-seeming Word attachment that exploited the security hole.

"The gravity of this problem is very big," he said. He added that when Microsoft issues a patch for the security hole, companies should install it immediately rather than waiting until their next regularly scheduled update.