Microsoft has issued a warning that cyber criminals could advantage of an unpatched flaw in Windows to install malicious software on a victim's PC. The reported attack, now under investigation by Microsoft, involves a malicious Word document, but there may be other ways of exploiting the flaw, the company said.
"Do not open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources," according to a Microsoft security advisory. The flaw lies in the Jet Database Engine that is used by a number of products including Microsoft Access. Microsoft is investigating whether other programs may also be exploited in this type of attack. Although this kind of unpatched, "zero day" attack is always cause for concern, Microsoft downplayed the risk.
Microsoft, Word, Security, Vulnerability, Exploit