Well, Microsoft is keeping out front of the game...no I don't mean Vista. Yet another serious Word flaw has been reported, the second in the past week. This means that in the past week and a half there have been three serious Microsoft breaches reported (the two Word and one in Windows multimedia).
At the current time, it doesn't look like Microsoft is going to rapidly address the two Word flaws in its next security patch. That should be reassuring news for enterprise security folks.
So, here's the picture. Your enterprise is running its AV, IPS and IDS systems. Then along comes a Word document attached to an email. You let the document in. Unfortunately the document contains malware rootkit trojans. If it's one that your AV, IDS and IPS don't pick up then you are fodder for the criminals.
Remember, these types of flaws have been in Word for the past few years. Smart criminals aren't going to advertise that they've found one. They've probably found these and other Office defects long ago. Therefore, stop waiting for Microsoft to clean up its act. Assume the documents will carry malware. Further, assume that the malware will pass under the radar screen of your enterprise perimeter.
NOW START MAKING PLANS TO USE LAYERS OF STRONG AUTHENTICATION BEHIND THE FIREWALL!
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
del.icio.us