Vulnerability Alert: Zero-Day Attacks Against Microsoft Word

Yesterday, Microsoft announced a vulnerability in Word, which could allow code to be remotely executed. This remote code execution can happen when a user opens an RTF file, which has to be specifically written to do the malicious activity, using an affected version of Microsoft Word. Merely previewing such a file can also allow access to the remote execution.

If this vulnerability is exploited, the attacker can potentially acquire the same rights as the user who opened or previewed the file. It is also worth noting that the fewer user rights your account has, the less the impact of an attack is.

Vulnerability Alert: Zero-Day Attacks Against Microsoft Word - Software
Vulnerability Alert: Zero-Day Attacks Against Microsoft Word

Additionally, the vulnerability extends to the use of Outlook. This is due to the fact that Microsoft Word is the default email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.

Microsoft has stated that they are aware of this vulnerability and that at the moment, it seems that Microsoft Word 2010 is the target of these attacks. This does not mean that other versions of Microsoft Word may not be vulnerable as well, though.

The main thing you can do right now is to disable opening RTF content in Microsoft Word.

You can also change your Outlook settings so that you read emails only in plain text. This will prevent a malicious file from executing code.

One last option is to set your file block settings on Outlook so that your computer automatically blocks RTF files.

These are obviously temporary fixes, but they will help ensure that your computer is safe from this particular vulnerability. It is safe to say that Microsoft will be releasing a patch to address this issue, but while that is not out yet, do follow the steps outlined above.

What if you rely on RTF files to do business (or whatever you do)? You either risk being a target of an attack, or you temporarily stop using RTF files. Your choice.

[Image via techweekeurope]

Post a Comment