Microsoft Working on Patch for Word Vulnerability

In a follow-up to the Microsoft Word vulnerability found last week, Microsoft has indicated that they are  working on a fix. However it’s likely they won’t release a patch until June 13, the next regularly-scheduled ‘Patch Monday’. The Microsoft Word bug first surfaced on Friday, when numerous security companies, led by Symantec, said that an active exploit was using an unpatched vulnerability in Word 2003 and Word XP to drop a backdoor Trojan onto a limited number of PCs. Once in place, the Trojan “” which uses rootkit techniques to infiltrate code on the drive “” provides the attacker with command shell access to the PC, effectively hijacking the machine. Over the following weekend Microsoft acknowledged the Word bug, said it was working on a fix, and downplayed the vulnerability. “So far, this is a very limited attack, and most of our antivirus partners are rating this as ’low,’ said Stephen Toulouse, program manager for Microsoft Security Response Center (MSRC), wrote on the MSRC blog Saturday. Microsoft’s Windows Live Safety Center has been updated to detect and delete the Trojan planted by the exploit. It does not, however, protect a PC that has already been infected.