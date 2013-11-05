Nov 5 Microsoft Corp released an
emergency software fix on Tuesday after it learned that hackers
had exploited a previously undiscovered security flaw in its
widely used Office software to infect the PCs of its customers
with tainted Word documents.
The software maker said on its website that it had released
the software, known as a "Fix It," as a temporary measure until
it provides an update that will automatically patch computers to
protect against the new threat.
Microsoft said that it had learned of a "very limited"
number of attacks that exploited the newly discovered
vulnerability, mainly in the Middle East and South Asia. The
company did not identify the victims, who received emails asking
them to open the tainted Word documents.
The vulnerability affects customers using Office 2003 and
Office 2007 as well as those running Office 2010 on Windows XP
and Server 2003.
The attacks took advantage of an undiscovered flaw, or "zero
day" vulnerability in industry parlance, which is usually only
used on a limited number of high-value targets in a bid to keep
the flaws a secret.
Typically, when makers of widely used software programs
issue a warning about a zero-day bug, groups of hackers rush to
reverse-engineer the Fix Its so they can build computer viruses
that also exploit the same vulnerabilities.
Stuart McClure, chief executive officer of the cybersecurity
firm Cylance Inc, said that businesses using vulnerable versions
of Office should install the Fix It to prevent attacks.
"I definitely think it is something that needs to be
patched," he said.
Fix Its are pieces of software for remediating security
flaws that must be manually downloaded and installed on PCs.
They are designed to protect customers while Microsoft prepares
official updates, automatically delivered via the Internet to be
installed on computers.
The new Fix It is available at this link: here