Word Attacks Overblown

The press is spending some attention on the Word attacks that took place recently, but we feel much of this is overblown. Sure, two forms of the attack are said to be in use, but there is little public info about them, and certainly no evidence of widespread attacks as of yet.

On WatchDog we have placed the suggestion of using the “winword /safe” command to better protect your organization, but it is likely a patch for the issue is coming in June, and until widespread exploits are available, it is pretty unlikely that most organizations will see any attacks from this.

In the meantime, we suggest treating it like the myriad of unpatched holes in Internet Explorer that occur so often, and use some caution, alert users and help desk folks to be aware of the symptoms. Then, apply the patch when it is released.

Most of all, please do not panic. The risks are not all that high compared to many of the other vulnerabilities common in most enterprises today.

This entry was posted in General InfoSec by Brent Huston. Bookmark the permalink.

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!

Leave a Reply