Zero-Day Exploit Puts Microsoft Word Users At Risk

Microsoft sign

The danger of a zero-day exploit is that users are left vulnerable to a known vulnerability while a manufacturer scrambles to patch it. This can sometimes result in weeks of known vulnerabilities being available to attackers. The latest zero-day reported involves Microsoft Word and would allow for remote code execution if exploited. A post at the Symantec blog explains the details of this issue.

Microsoft has alerted the public through a security advisory that the Word exploit exists, but have not yet released a patch that fixes it. In the advisory, they report that attacks, although limited, have been observed using this exploit in the wild. Those attacks have only exploited Word 2010, but other versions are considered vulnerable. Those versions include Word 2003 and 2007, Office for Mac 2011, Office Web Apps 2010 and Office Web Apps Server 2013.

Unfortunately, there have been no specific details released about how attackers are exploiting the vulnerability. The issue comes from opening a malicious .RTF file with Word. But, even previewing an .RTF file attached to an email in Outlook could allow an attacker access to a user’s system. So, the attack could stem from malicious email attachments, or it could stem from websites that trick users into downloading and opening a file.

There has been a temporary solution released through Microsoft’s FixIt tool, which makes it impossible for Word to open any .RTF document until a more permanent solution is found. Similarly, Outlook can be configured so that previews of attachments open as plain text, rather than through Word, which would also serve as a temporary solution, but could also be a safer way to operate from now on.

All Word and Outlook users are urged to watch for a patch that fixes this vulnerability and update as soon as it’s made available.

At Geek Rescue, we help help make your computer and your network as secure as possible. We also help you recover from attacks. Call us at 918-369-4335.

March 26th, 2014