Over the last couple of days, the press is having a field day with a new zero day exploit in Word. Simply opening the document releases the malware into the computer. There are no known work-arounds for this until Microsoft issues a new patch.
This follows another security advisory from Microsoft this past June about PowerPoint. Then too Microsoft was warning users to not open any MS Office document they weren't sure of.
While all this is potentially very bad, it is much worse given the current trends in malware. Organized crime is now doing more and more targeted spear phishing attacks. They select key individuals in an enterprise and then target them with email directing them to phishing sites or, attach to the email legitimate looking MS Office document attachments. The emails now appear to come from a trusted colleague in the enterprise.
Microsoft will eventually fix this new hole. However, more will continually to appear since there is so many lines of code in MS Office with unexposed weaknesses.
What's my point? These flaws have been in MS Office for years. Organized crime has thousands of programmers who are being paid to uncover the flaws. When they do, they are QUIETLY using these flaws to attack enterprises. They're only uncovered when some researcher stumbles across them or, when an attack becomes public.
DON"T LEAVE YOUR ENTERPRISE'S DEFENSES ONLY AT THE PERIMETER. There is too much risk currently and for the foreseeable future. While putting in strong perimeters as well as monitoring what goes out the firewall, put in layered strong authentication identity defenses behind the firewall. Without this, you may never know you were attacked or, figure it out many months after a successful attack or attacks have occurred.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
del.icio.us