Microsoft is investigating the technical details of recent attacks against a small number of companies to uncover what appears to be a flaw in Microsoft Word for both Macs and Windows, and Microsoft Works, the software giant said in an advisory published Tuesday night.
The previously unknown, or zero-day, vulnerability is being used in limited attacks, according to the advisory. The vulnerability appears to affect Word 2000, Word 2002, Word 2003, Microsoft Word Viewer 2003, Word 2004 for Mac, Word 2004 version X for Mac, and Works 2004, 2005, and 2006, according to Microsoft.
"In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker," the advisory stated.
Flaws in the component applications of Microsoft's Office productivity suite have plagued the software giant in 2006. In May, the company disclosed that a small number of customers had reported attacks using a flaw in Word. Flaws in other applications included in MS Office, such as Excel, have also been reported.
Microsoft may release a patch for the issue on its regularly monthly patch schedule, which would fall on December 12, or could issue an emergency update before or after that date.
Look, kids. Just don't accept files from strangers period.