Microsoft Word users urged to apply urgent fix after targeted attacks

Microsoft Word users have been urged to update their software after  attacks against users of MS Word 2010, where opening a “specially crafted” Rich Text Format file allowed attackers to remotely execute code on the victim’s machine.

Targeted attacks using the zero-day exploit have been seen ‘in the wild’, Threatpost reports. Microsoft has issued  a temporary workaround and an official security advisory.

Microsoft’s security advisory advised all Word users to apply a one click “Fix It” to deal with the vulnerability.

Threatpost reports that, “While attacks are currently targeting Microsoft Word 2010, Microsoft said the vulnerability affects Word 2003, 2007, 2013 and 2013RT, as well as Office for Mac, Office Web Apps 2010 and 2013, and Word Viewer.”

“We encourage all customers using Microsoft Word to apply this Fix it to help protect their systems,” the company said. The “Fix it” – a temporary fix for such security flaws – prevents Word opening RTF files.

The attack also works when Word is enabled as the email viewer in Outlook 2007, Outlook 2010 and Outlook 2013, Microsoft warns. Word is enabled as the email viewer by default in these applications.

“An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” Microsoft warns. “Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution, “Disable opening RTF content in Microsoft Word,” prevents the exploitation of this issue through Microsoft Word.

Neowin’s report pointed out that releasing a security advisory and “Fix it” was unconventional for the computing giant.

Microsoft usually releases security patches on “Patch Tuesday”, the second Tuesday of each month, and Neowin commented, “It is likely that Microsoft will issue an update for the Word vulnerability with the next “Patch Tuesday” on April 8th so if you forget to download the patch, Microsoft will install it for you.”

Microsoft said that it continued to work on security updates to address the issue, saying, “We continue to work on a security update to address this issue. We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect our global customers.”

Author , We Live Security

  • EightBitsShort

    Does ESET Endpoint Antivirus protect me against this RTF exploit? I have the ESET plugin enabled in Outlook.

    • David Harley

      I’ll ask the developers for an authoritative response, but while ESET and other AV developers do sometimes implement detection for vulnerabilities as well as exploits, this is actually a vulnerability that Microsoft have not yet been able to resolve satisfactorily, so I think it would be tempting fate to guarantee detection against all future attacks that might exploit it.

Follow us

Copyright © 2016 ESET, All Rights Reserved.