Antivirus companies and the SANS Internet Storm Center (ISC) issued a warning today about sophisticated e-mail attacks that are using a previously unknown hole in Microsoft Word to infiltrate corporate networks.

The flaw in Word allows attackers to execute malicious code when the infected word document is opened. The trojan once opened on a users computer currently installs a bot and begins sending information about the system and its current security state including installed patches and anti-virus software. "Michael," who reported the vulnerability, states:

The exploit functioned as a dropper, extracting a Trojan byte-for-byte from the host file when executed. After extracting and launching the Trojan, the exploit then overwrote the original Word document with a "clean" (not infected) copy from payload in the original infected document. As a result of the exploit, Word crashes, informs the user of a problem, and offers to attempt to re-open the file. If the user agrees, the new "clean" file is opened without incident.

Update: There is a patch in the works for the bug that popped up in Microsoft Word. MS probably won't release the patch until its next regularly schedule patch cycle because most security companies rate this as a low threat vulnerability.