There’s now one more reason to be careful about opening Microsoft Office attachments.Microsoft warned Tuesday of a new, unpatched memory corruption error in its word-processing software, and said that it was investigating reports of “limited” attacks that exploit the problem.The bug can be exploited by adding a string of characters in a Word file that can corrupt the PC’s memory and allow the attacker to run unauthorized software on the system, Microsoft wrote in a security advisory. The bug affects many versions of the software, including Word 2000, 2002 and 2003, the Word Viewer 2003 and several versions of Microsoft Works. It is rated “critical” by the FrSIRT website, which compiles a list of software vulnerabilities.As automatic security updates have become commonplace, attackers have focused more on developing attacks that leverage this kind of unpatched hole in the software, sometimes called 0day attacks. This trend has forced Microsoft to produce a growing number of software updates in recent months. In particular, hackers turned their attention to Microsoft’s Office products, which some researchers consider to be a more fruitful source of bugs than the Windows operating system.“Cybercriminals know that 0days are very valuable and can be used tomake lots of money,” said Cesar Cerrudo, chief executive officer ofsecurity research firm Argeniss, in Parana, Argentina. Thesevulnerabilities can be exploited to install spyware or dangerous Trojanhorse programs, or to add the victim’s computer to a network ofcompromised PCs, called a botnet, which can then be used to send outspam or attack other systems, he said. Microsoft’s next set of security updates is due to be released on Dec. 12.By Robert McMillan, IDG News Service (San Francisco Bureau)Keep checking in at our Security Feed for updated news coverage. Related content feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO CSO and CISO C-Suite news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe