Hackers are exploiting a vulnerability in Microsoft Word to plant malware on Windows PCs.
The bug in Microsoft Word 2002, 2003, 2007 and 2010 was patched Nov. 9 as part of Microsoft's monthly security update.
The attack uses a malicious RTF (Rich Text Format) file to generate a stack overflow in Word on Windows, said MMPC researcher Rodel Finones. Following a successful exploit, the attack code downloads and runs a Trojan horse on the compromised computer.
Word 2008 and 2011 for the Mac have also been patched, but Microsoft has not yet issued a fix for the same flaw in the older Word 2004. The circulating attacks affect only Windows versions of the suite, however.
Last month, Microsoft rated the RTF vulnerability as "critical" in Word 2007 and 2010, but as "important" in all other affected versions.
Users who have not yet installed the November patch are being urged to do so as soon as possible.
Return to microsoft news headlines
View Microsoft News Archive