The Security Mentor

Last year the people who enjoy hunting for security problems found some in Microsoft Word. The upshot was that bad guys could build a file that Word would open and which would send Word off the rails in such a way that the bad guys could make it run a program of their choice. Microsoft's first of their Ten Immutable Laws of Security says "If a bad guy can persuade you to run his program on your computer, it's not your computer anymore".

Bad guys took advantage of this Word problem. Meantime another one got discovered, then another, then a fourth. (Two of them turned out to be the same, so it was really only three critical bugs). Microsoft didn't have a fix tested and ready to go until this Tuesday.

Guess what happened today?

Another announcement of a security bug in Office 2000 and Office XP.

Bad guys are reportedly using the bug already, but not on a large scale. Not yet, anyway.

Do run an antivirus scan of new Office documents you get from others, but you can't depend on it totally. Do follow up with the sender on Office documents that you weren't expecting before you open them. Consider asking to get documents in RTF format, which may be simple enough to avoid triggering the bug.