Avoiding MS Word flaws

Posted 23 May 2006

Microsoft have warned of a serious bug in Word 2003 that is being exploited by a Trojan horse. Apparently one large US organisation has been targeted by it. While we wait for a patch to fix this problem, Microsoft recommend only opening word attachments in Word Viewer.

This might be an opportunity to switch to sending attachments in PDF format. This is a far more secure and compact way of sending attachments. The free CutePDF is one of our favourites or you can buy a commercial product like Adobe Acrobat or PDF Factory.

Another alternative is to switch to Open Office or another office substitute. While the alternatives are good, they are not always compatible with all the features in MS Office. This is particularly true if you use the tracking features in Word.

If you need to exchange Word documents for editing, we'd recommend setting up a Restricted User account on your computer and doing your work in that account. Naturally you should have a firewall and an up-to-date antivirus. Being careful about who sends what is also important.

To date, it appears this exploit only works in Word 2003. Unfortunately we have no further details of the exploit or how to work around it. For the meantime you should be very careful about what you open.