Microsoft Issues Emergency Fix it for Exploited 0-day Vulnerability in Word


Related Links

Top 5 Stories


Microsoft Issues Emergency Fix it for Exploited 0-day Vulnerability in Word

25 March 2014

Microsoft yesterday issued an advisory and Fix it for a vulnerability in Word that is already being exploited in 'limited, targeted attacks.' Fix its provide a quick temporary defense while the company prepares a full patch. "We encourage all customers using Microsoft Word to apply this Fix it to help protect their systems," warns Microsoft.

The known attacks are all currently directed at MS Word 2010, but the vulnerability also affects Word 2007 and 2013 and is present on both PC and Mac versions. "The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer," explains the advisory.

The fault lies in the file format parser for RTF, explains Wolfgang Kandek, CTO at Qualys. "The attack vector is a document in RTF format that the victim would have to open with Word. If the target uses Outlook 2007, 2010 or 2013 for e-mail, please be aware that Word is the default viewer for e-mails, and that even looking at the e-mail in the preview pane could lead to an infection through this attack," he warns.

If successfully exploited the flaw can give the attacker the same rights as that of the user. Many companies and almost all consumers operate at 'administrator' level – which means that the attacker could take full control of the victim computer.

There are numerous mitigations that could be used to alleviate the problem, and Microsoft has provided an extensive analysis of the problem in a separate Technet blog. The simplest solution is to disable RTF as a supported file format within Microsoft Office. This, however, is not always possible for consumers, nor easy for the way that companies operate. Applying the Fix it is the best quick fix.

Microsoft is currently investigating the vulnerability (reported to them by the Google Security Team), and says it "will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."

If a patch can be prepared in time for next month's Patch Tuesday, it is likely to see it issued then. However, since the flaw is now known and affects other versions than the targeted Word 2010, it is likely that other cybercriminals are looking for and working on their own exploits. If more widespread attacks are detected, Microsoft might decide to issue an out-of-band patch as soon as it is available.

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×