Zero-Day Word Vulnerability

A US-based company was targeted with emails that were sent to the company from the outside but were spoofed to look like internal emails. The mail had a Word file as an attachment that used a previously-unknown vulnerability to install a backdoor, hide it with a rootkit and allow unrestricted access to the machine for the attackers, operating from a host registered under the Chinese domain. is a free host bouncing service in China; anybody can register any host name under so this does not indicate that China was the origin of the attack.

Microsoft Security Advisory (919637) describes the following workarounds:

The advisory does not recommend using a different office suite, for some reason, though it is unlikely that other office suites have the same vulnerability.

