MSRC Blog: Microsoft Security Advisory 953635

Hello, Bill here,

I wanted to let you know that we have just posted Microsoft Security Advisory (953635).

This advisory contains information regarding a new public report of a possible vulnerability within Microsoft Office Word which could allow for remote code execution. Our investigation thus far has shown that this vulnerability affects Microsoft Office Word 2002 Service Pack 3 only.

At this time, we are aware of limited, targeted attacks attempting to use the reported vulnerability, but we will continue to track this issue. 

The advisory contains workarounds that customers can use to help protect themselves. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release.

We will continue to monitor the situation and post updates to the advisory and the MSRC Blog as we become aware of any important new information.

In the meantime, we encourage customers to review the advisory and implement the workarounds.

Bill Sisk

*This posting is provided “AS IS” with no warranties, and confers no rights.*