September Patch Tuesday Fails to Address Zero-Day Exploit in MS Word

13 Sep 12:46

Microsoft delivered three patches this September Patch Tuesday. They cover a critical bulletin for Microsoft Publisher, an important bulletin for Pragmatic General Multicast (PGM) networking communications and a moderate-severity bulletin for the Indexing Service. In addition, two old patches were discreetly redone.

The most conspicuous patch this month was the absent one: a patch to stop the zero-day exploit that uses a vulnerability in MS Word. We wrote about that here some days ago (link below). This vulnerability is already being exploited, albeit at a low level according to PatchLink, so it is unfortunate that a fix was not included. Its absence will indicate to the criminal community that they will probably have a window of at least a month to exploit the vulnerability, so users need to protect against exploits. A few things can be done:


More information about the patches themselves is available from Microsoft and on our associate site, heisec.co.uk (links below). More information about patching is available from PatchLink (link below).

Related links:
chi-publishing.com/index.php?newsID=1131
www.microsoft.com/technet/security/bulletin/ms06-sep.mspx
www.heise-security.co.uk/news/78104
www.heise-security.co.uk/news/78112
www.patchlink.com/redirect.asp?IDr=157&IDd=315

Taken from Information Security Bulletin.