[Jochen]

Microsoft untersucht derzeit neue Berichte über eine mögliche Sicherheitsanfälligkeit im WordPad Text Converter für Word 97.
Weitere Infos findet Ihr in der Mail unten (engl.) oder in den nächsten Tagen auf http://www.microsoft.com/germany/tec...n/default.mspx (dt).

_________________________________

What is the purpose of this alert?
This alert is to notify you that Microsoft has released Security Advisory 960906 - Vulnerability in WordPad Text Converter Could Allow Remote Code Execution - on December 9, 2008.

Summary

Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.

Windows XP Service Pack 3, Windows Vista, and Windows Server 2008 are not affected as these operating systems do not contain the vulnerable code.

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited.

Mitigating Factors

* This issue does not affect Windows XP Service Pack 3, Windows Vista, and Windows Server 2008.

* An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

* The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.

* When Microsoft Office Word is installed, Word 97 documents are by default opened using Microsoft Office Word, which is not affected by this vulnerability. However, an attacker could rename a malicious file to have a Windows Write (.wri) extension, which would still invoke WordPad. This file type can be blocked at the Internet perimeter.

Recommendations

Review Microsoft Security Advisory 960906 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ), and links to additional resources.

Customers who believe they are affected can contact Customer Service and Support. Contact CSS in North America for help with security update issues or viruses at no charge using the PC Safety line (866)PCSAFETY. International customers can contact Customer Service and Support by using any method found at this location: http://www.microsoft.com/protect/support/default.mspx (click on the select your region hyperlink in the first paragraph).

Additional Resources

* Microsoft Security Advisory 960906 - Vulnerability in WordPad Text Converter Could Allow Remote Code Execution - http://www.microsoft.com/technet/sec...ry/960906.mspx.

* Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc.

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft's security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's Web-based security content, the information in Microsoft's Web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,
Microsoft CSS Security Team