Another previously undocumented, yet-to-be-patched security vulnerability in Microsoft Word is actively being exploited in cyberattacks, Microsoft said Thursday.
The vulnerability is the fourth zero-day vulnerability to arise in the Microsoft application in two months. Microsoft hasn’t provided patches for any of the flaws, despite acknowledging that the holes are being used in attacks on its customers.
“There have been very limited attacks reported that are attempting to use the reported vulnerability at this time,” a Microsoft representative said Thursday in a statement about the latest problem. The company is investigating this latest report and may issue a patch, if needed, the representative said.
The newest problem allows an attacker to hijack systems running Word 2000 and causes a crash of Word 2003 and Word XP, Symantec said in an alert Thursday. “An attacker could exploit this issue by enticing a victim to open a malicious Word file,” the Cupertino, Calif.-based security company said.