When this story was originally reported, it misquoted Argeniss’s Cesar Cerrudo. The error has been corrected within the text below.There’s now one more reason to be careful about opening Microsoft Office attachments.Microsoft warned Tuesday of a new, unpatched memory corruption error in its word-processing software, and said that it was investigating reports of “limited” attacks that exploit the problem.The bug can be exploited by adding a string of characters in a Word file that can corrupt the PC’s memory and allow the attacker to run unauthorized software on the system, Microsoft wrote in a security advisory. The bug affects many versions of the software, including Word 2000, 2002 and 2003, the Word Viewer 2003 and several versions of Microsoft Works. It is rated “critical” by the FrSIRT website, which compiles a list of software vulnerabilities. As automatic security updates have become commonplace, attackers have focused more on developing attacks that leverage this kind of unpatched hole in the software, sometimes called 0day attacks. This trend has forced Microsoft to produce a growing number of software updates in recent months. In particular, hackers turned their attention to Microsoft’s Office products, which some researchers consider to be a more fruitful source of bugs than the Windows operating system. “Cybercriminals know that 0days are very valuable and can be used to make lots of money,” said Cesar Cerrudo, chief executive officer of security research firm Argeniss, in Parana, Argentina. These vulnerabilities can be exploited to install spyware or dangerous Trojan horse programs, or to add the victim’s computer to a network of compromised PCs, called a botnet, which can then be used to send out spam or attack other systems, he said. Microsoft’s next set of security updates is due to be released on Dec. 12.-Robert McMillan, IDG News Service (San Francisco Bureau)Related Links: Microsoft to Release 6 Windows Security Updates Microsoft Admits Vista’s Vulnerable to 40% of Malware Microsoft Says Code is Better, Not Perfect: Q&ACheck out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content brandpost Resilient data backup and recovery is critical to enterprise success As global data volumes rise, business must prioritize their resiliency strategies. By Neal Weinberg Jun 01, 2023 4 mins Security brandpost Democratizing HPC with multicloud to accelerate engineering innovations Cloud for HPC is facilitating broader access to high performance computing and accelerating innovations and opportunities for all types of organizations. By Tanya O'Hara Jun 01, 2023 6 mins Multi Cloud brandpost Survey: Marketers embrace AI at expense of metaverse investments Generative artificial intelligence (GAI) has quickly rocked the world of marketing. Sitecore polled B2B marketers on their perceptions of GAI. Here’s what they said. By Dave O’Flanagan, Sitecore Jun 01, 2023 4 mins Artificial Intelligence news Zendesk to lay off another 8% of its staff, cites macroeconomic issues The new tranche of layoffs comes just six months after the company let go of 300 staffers and hired a new CEO in order to navigate its operations through macroeconomic distress. By Anirban Ghoshal Jun 01, 2023 3 mins CRM Systems IT Jobs Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe