Microsoft has warned that hackers may already be exploiting a new vulnerability found in the company’s Word and Office programs. The warning comes just after the company issued fixes for 20 other bugs in its products on Tuesday, including six for Word.The latest problem affects Office 2000 and Office XP, Microsoft said in a security advisory on Wednesday. Attackers could create a specially crafted Word document that, if opened, could allow them to control a victim’s computer remotely. As usual, the company advised great caution when opening unsolicited attachments.Microsoft said it had received reports of “very limited, targeted” attacks. Danish security vendor Secunia ranked the problem as “extremely critical.” SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe The emergence of a security bug so soon after Microsoft’s scheduled patch release follows a familiar pattern by hackers, who want to maximize the amount of time they have to take advantage of a vulnerability, said Thomas Kristensen, Secunia’s chief technical officer. Microsoft rarely diverts from its patch schedule, set for the second Tuesday of the month, although it said it would in this case if it considers it necessary. Office applications such as Word are “low-hanging fruit” for hackers, since the programs haven’t been audited as much as some others, such as Internet Explorer, Kristensen said.The hackers find a vulnerability by manipulating a document and testing how Word reads it. In this case, a modified document can corrupt system memory in a way that allows the attacker to execute code on the machine remotely. As well as sending the document via e-mail, the hacker could embed it in a webpage and try to lure users into visiting that page. “Attacking using this vector is fairly easy,” Kristensen said.However, new security features in Windows Vista, released to the general public last month, may prevent similar types of attack, so hackers may be making an extra effort to exploit them while they can, he said. —Jeremy Kirk, IDG News Service (London Bureau)Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content feature Mastercard preps for the post-quantum cybersecurity threat A cryptographically relevant quantum computer will put everyday online transactions at risk. Mastercard is preparing for such an eventuality — today. By Poornima Apte Sep 22, 2023 6 mins CIO 100 CIO 100 CIO 100 feature 9 famous analytics and AI disasters Insights from data and machine learning algorithms can be invaluable, but mistakes can cost you reputation, revenue, or even lives. These high-profile analytics and AI blunders illustrate what can go wrong. By Thor Olavsrud Sep 22, 2023 13 mins Technology Industry Generative AI Machine Learning feature Top 15 data management platforms available today Data management platforms (DMPs) help organizations collect and manage data from a wide array of sources — and are becoming increasingly important for customer-centric sales and marketing campaigns. By Peter Wayner Sep 22, 2023 10 mins Marketing Software Data Management opinion Four questions for a casino InfoSec director By Beth Kormanik Sep 21, 2023 3 mins Media and Entertainment Industry Events Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe