Microsoft previously released a security bulletin that addressed various vulnerabilities with respect to the parsing of office file formats by Microsoft Office. And, according to the Microsoft Malware Protection Center, just a few days before the Christmas holiday, the Center came upon a “sample” that takes advantage of a specific vulnerability such that it then can execute malicious shell code that can download other malware. What does this mean and what can be done?

As explained by the Center, this particular Microsoft vulnerability can be triggered by the utilization of a specifically designed RTF file with a size range that is larger than expected. Significantly, this vulnerability is present in the ubiquitous Microsoft Word.

In light of the foregoing, Microsoft recommends that customers install the latest Microsoft security update MS10-087 , as soon as possible, if they have not done so already.

While it may be somewhat of a hassle to keep track of every Microsoft vulnerability and to install security updates, it is better to be safe than sorry, especially with a program like Word that is so widely used.

Biography

Eric Sinrod is a partner in the San Francisco office of Duane Morris. His focus includes information technology and intellectual property disputes. To receive his weekly columns, send an e-mail to with the word "Subscribe" in the subject line.

Disclaimer: This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

Reprinted with permission of Findlaw.com