Just another day in the Office.

Here is an update to the Microsoft Word Remote Code Execution vulnerability announcement from just a few days ago. Another zero-day vulnerability has been found along with exploits in the wild:

…this attack used a new zero-day vulnerability in Microsoft Word. It is reported that the emails originated from a Yahoo! email account, which the hacker accessed through a mobile device CDMA link to conceal their identity. Security professionals claim the emails contain information about the political situation in Iran and attempts to entice recipients…

[…]

Experts claim the attack was designed to steal sensitive data through the recipient’s computer.

Moreover, Microsoft continues to investigate another proof-of-concept zero day flaw for Word discovered last week. However, neither of the vulnerabilities are expected to be tackled in tomorrow’s security update, Patch Tuesday.

It’s not clear what separates the two vulnerabilities, or if they are just variations of the same flaw.

I suppose the Microsoft advice is still to never open word attachments unless you can verify the sender’s identity and confirm their good intentions. Easy to do in an Office environment, right?

The December 12th security updates do not seem to mention either vulnerability, although they do show a re-release of MS06-059, which fixes a fix for an Excel remote code execution vulnerability.

Some Microsoft Excel 2002 users who have Microsoft Windows Installer 2.0 installed received indication that the original version of security update 923089 for Excel 2002 was installed successfully. However, the actual binary file, Excel.exe, was not updated to the secure version. The re-release version of security update 923089 for Excel 2002 corrects this issue.

Verifying the success of a patch should never be underestimated.