Responding to recent reports that Chinese hackers are exploiting a zero-day vulnerability in Word to launch a Trojan horse, Microsoft is advising users to run the application in “safe mode.” See Microsoft advisory here.
Security experts last week reported a spate of incidents involving Asian and U.S. government agencies that received official-looking e-mail with attached Word files. Opening those documents triggered a download of software that gave hackers control of systems, including the ability to alter or destroy information.
While Microsoft announced that a fix for the vulnerability will be part of its June 13 security updates, the software giant advised users to launch Word only in “safe mode” in the interim. This way, toolbars, preferences and other options cannot be changed.
“Do not attempt to open any Word files as you may be vulnerable,” according to Microsoft.
Additionally, the security advisory instructs users: “do not open Word files directly from any mail clients, for example Outlook or Hotmail.” Instead, such files should be saved and then viewed from Word opened in safe mode.
Microsoft condemned how the hole was initially reported by security researchers. “This new vulnerability in Word was not disclosed responsibly, potentially putting computer users at risk,” according to the updated advisory.