Folgende Microsoft-Sicherheitsempfehlung wurde gestern Nacht veröffentlicht. Sie betrifft eine Sicherheitsanfälligkeit in Microsoft Word 2000.
________________________
What is this alert?
This alert is to notify you that Microsoft has released Security Advisory 932114 – Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution - on 26 January 2007.
Summary:
Microsoft is investigating new public reports of limited "zero-day" attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.
As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Recommendations:
Review Microsoft Security Advisory 932114 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.
Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services (
Microsoft Help and Support) at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site:
Select your region.
Additional Resources:
• Microsoft Security Advisory 932114 – Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution
Microsoft Security Advisory (932114): Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution
• MSRC Blog:
Welcome to the Microsoft Security Response Center Blog!
Note: This issue may not be the subject of a specific MSRC blog posting at the time the security advisory is released but may be the subject of a blog posting at a later time. Check the MSRC Blog periodically as new information may appear there.
Regarding Information Consistency:
We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Security Advisories posted to the web are occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in the web-based Security Advisory, the information in the web-based Security Advisory is authoritative.
If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.
Thank you,
Microsoft PSS Security Team
