Microsoft investigates Word flaw

Vulnerability affects versions sold from 2000 through 2006

MSN Tech and Gadgets

8 cool phones you can't get here (yet)

Tech Holiday Gift Guide

Give the gift of gaming accessories
These gadgets help gamers play longer, better, more efficiently and more comfortably. Here are a few game-enhancing peripherals that the gamer on your list is sure to enjoy.

Online holiday shopping is trickier this year

Holiday tech gadget preview

Give the gift of a perfect gaming machine

Tech and gadgets videos

Police patrolling Facebook
Nov. 13: The Medina, Ohio, police department is posting pictures of wanted criminals on Facebook in an effort to get the public's help in tracking them down. WKYC's Mike O'Mara reports.

‘Modern Warfare 2’: Bad timing?

TIME picks 2009’s best inventions

Check out TODAY’s new video timeline

High-tech holy water font fights swine flu

Video

Tech Watch
The latest in technology and entertainment news.

Auto Tech

6 high-tech boosts for the auto industry

A better economy may lure buyers, but these trends could seal the deal.

Go to Auto Tech

Most popular

• Most viewed

• Top rated

• Most e-mailed

Makeover! Beauty pageant moms get dolled up

Madoff's Mets baseball jacket sells for $14,500

Body parts sold to kebab stand, police say

Key ingredient in new ‘love dessert’? Viagra

Overdue library books returned 51 years later

Most viewed on msnbc.com

By Brian Bergstein

updated 9:03 p.m. ET Dec. 6, 2006

A newly disclosed flaw in Microsoft Word could let malicious hackers take control of victims' computers by sending them e-mail with a Word document attached.

Microsoft Corp. informed computer users of the problem Tuesday, though the company classified it as a security "advisory." That makes it a less urgent warning than other security disclosures, though the company is investigating attacks that exploited the vulnerability.

As of Wednesday evening, the company had not released a patch to fix the problem.

Story continues below ↓

advertisement | your ad here

The vulnerability affects versions of Microsoft Word sold from 2000 through 2006. Microsoft Word 2007, which is currently available only to businesses, is not vulnerable, the company said.

To fall prey, a computer user would have to open a Word document attached to an e-mail. Microsoft advised people not to open or save attachments from unknown correspondents. Security experts consider that standard e-mail advice under any circumstances, but Microsoft also suggested rejecting unsolicited attachments even from friends and colleagues.

This vulnerability appeared no more dangerous than other flaws that have emerged previously in Microsoft Office applications, said Dan Hubbard, vice president of security research at Websense Inc.

Even so, the threat is worth taking seriously, said Justin Bingham, chief technology officer for network monitoring company Intrusic Inc.

He noted that it would be very easy for a con artist to call someone in a company, state a legitimate-sounding pretense _ posing as a vendor or a jobseeker, for example _ and then send an e-mail with an benign-seeming Word attachment that exploited the security hole.

"The gravity of this problem is very big," he said. He added that when Microsoft issues a patch for the security hole, companies should install it immediately rather than waiting until their next regularly scheduled update.