Microsoft reveals zero-day attacks against Word

Summary: A crafted RTF file can execute code when Word opens it. Microsoft has released a "Fix it" as a temporary workaround; it disables RTF support in Word.

Microsoft announced today that an unpatched vulnerability in Microsoft Word is being exploited in the wild.

All versions of Microsoft Word, on both Mac and Windows, are vulnerable, as are several related programs such as Word Viewer and Word Automation Services on Microsoft SharePoint Server. The attacks seen so far are directed at Microsoft Word 2010. Exploits such as these are often version-specific, and in a targeted attack, which this appears to be, the attacker may already know which version the victim runs.

Microsoft also says that Outlook can be exploited with such an RTF file if Word is set as Outlook's email viewer. Word is the viewer by default in Outlook 2007, 2010 and 2013, so a crafted RTF message body, not only an RTF attachment, is a possible delivery path.

Microsoft has published a Knowledge Base article with a "Fix it" tool that works around the problem by disabling RTF support in Word. If you rely on Word to open RTF files, the workaround is a problem in itself: test it against your own workflow, and plan to remove it once a patch ships.
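For administrators who would rather apply, audit or roll back the same setting with a script than run the Fix it on each machine, here is an added example; it is not Microsoft's Fix it package and not code from this article. It uses the Office File Block settings under HKCU, which is what the workaround relies on. The registry paths and value meanings below are my understanding of the documented workaround (Word 2007 uses FileOpenBlock with RtfFiles=1; Word 2010 and 2013 use FileBlock with RtfFiles=2 and OpenInProtectedView=0), so confirm them against the Knowledge Base article before deploying.

```powershell
# Added example (not Microsoft's Fix it): block, unblock or report the RTF
# File Block setting for Word 2007/2010/2013 in the current user's profile.
# Assumption: these keys and values match the documented workaround; verify
# against the KB article. Settings are per user, so run as each affected user.
param(
    [ValidateSet('Apply', 'Revert', 'Check')]
    [string]$Action = 'Check'
)

# Word 2007 uses FileOpenBlock (1 = block). Word 2010/2013 use FileBlock
# (RtfFiles 2 = do not open) plus OpenInProtectedView = 0 so the block is
# not downgraded to "open read-only in Protected View".
$targets = @(
    @{ Version = 'Word 2007'; Path = 'HKCU:\Software\Microsoft\Office\12.0\Word\Security\FileOpenBlock'; Values = @{ RtfFiles = 1 } },
    @{ Version = 'Word 2010'; Path = 'HKCU:\Software\Microsoft\Office\14.0\Word\Security\FileBlock';     Values = @{ RtfFiles = 2; OpenInProtectedView = 0 } },
    @{ Version = 'Word 2013'; Path = 'HKCU:\Software\Microsoft\Office\15.0\Word\Security\FileBlock';     Values = @{ RtfFiles = 2; OpenInProtectedView = 0 } }
)

foreach ($t in $targets) {
    # Skip Word versions this user profile has never run (no ...\Office\NN.0\Word key).
    $wordKey = Split-Path (Split-Path $t.Path -Parent) -Parent
    if (-not (Test-Path $wordKey)) { continue }

    switch ($Action) {
        'Apply' {
            if (-not (Test-Path $t.Path)) { New-Item -Path $t.Path -Force | Out-Null }
            foreach ($name in $t.Values.Keys) {
                New-ItemProperty -Path $t.Path -Name $name -PropertyType DWord `
                    -Value $t.Values[$name] -Force | Out-Null
            }
            Write-Output "$($t.Version): RTF opening blocked"
        }
        'Revert' {
            # Remove only the values this script sets; leave any other File Block
            # entries the organisation may already manage.
            if (Test-Path $t.Path) {
                foreach ($name in $t.Values.Keys) {
                    Remove-ItemProperty -Path $t.Path -Name $name -ErrorAction SilentlyContinue
                }
            }
            Write-Output "$($t.Version): RTF block removed"
        }
        'Check' {
            $state = 'not blocked'
            if (Test-Path $t.Path) {
                $cur = Get-ItemProperty -Path $t.Path -ErrorAction SilentlyContinue
                $blocked = $true
                foreach ($name in $t.Values.Keys) {
                    # A missing value compares as $null and therefore counts as not blocked.
                    if ($cur.$name -ne $t.Values[$name]) { $blocked = $false }
                }
                if ($blocked) { $state = 'blocked' }
            }
            Write-Output "$($t.Version): RTF $state"
        }
    }
}
```

Run it with `-Action Check` first to see the current state, `-Action Apply` to block, and `-Action Revert` once a patch is installed. This covers the file-open path in Word; the Outlook reading-pane path the article mentions should be verified separately on a test machine, since it depends on Outlook using Word as its viewer.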

A successful exploit gives the attacker code execution with the privileges of the user running Word, so running as a standard user rather than an administrator limits the damage an attacker can do. Microsoft also says that its Enhanced Mitigation Experience Toolkit (EMET) can mitigate this vulnerability.

The vulnerability was reported to Microsoft by Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team.

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec...
