Microsoft warns of Office-related malware

Company spots malicious code on the Net that can infect computers after a user does nothing more than read an e-mail. But Office users can install an existing fix.

Microsoft's Malware Protection Center issued a warning this week that it has spotted malicious code on the Internet that can take advantage of a flaw in Word and infect computers after a user does nothing more than read an e-mail.

The flaw was addressed in November in a fix issued on Patch Tuesday, but with malicious code now spotted in the wild, the protection center apparently wants to be sure the update wasn't overlooked.

Symantec underlined the seriousness of the flaw to CNET's Elinor Mills in November:

"One of the most dangerous aspects of this vulnerability is that a user doesn't have to open a malicious e-mail to be infected," Joshua Talbot, security intelligence manager at Symantec Security Response, said at the time. "All that is required is for the content of the e-mail to appear in Outlook's Reading Pane. If a user highlights a malicious e-mail to preview it in the Reading Pane, their machine is immediately infected. The same holds true if a user opens Outlook and a malicious e-mail is the most recently received in their in-box; that e-mail will appear in the Reading Pane by default and the computer will be infected."

Users of Microsoft Office should be sure to install the fix. You can use your Start menu to check for updates: Click the Start button, click All Programs, and then click Windows Update. Details of the MS10-087 update, including which software versions are affected, can be found here.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

The problem with hoarding photos on your phone

Do you have hundreds (or thousands) of photos on your phone? This one's for you.

by Sharon Profis