Microsoft reveals zero-day attacks against Word

Summary: Malicious RTF files could execute code. Microsoft has released a "Fix it" temporary workaround which disables RTF support in Word.

Microsoft announced today that an unpatched vulnerability in Microsoft Word is being exploited in the wild.

All versions of Microsoft Word, both Mac and Windows, and several related programs such as the Word Viewer and Word Automation Services on Microsoft SharePoint Server are vulnerable, but the current attacks are directed at Microsoft Word 2010. Exploits such as these are often version-specific, and in targeted attacks, which this appears to be, the attacker may already know which version he needs to exploit.

Microsoft also says that Outlook could be exploited with such an RTF file if Word is set as the viewer for Outlook. Word is the viewer in the default configuration of Outlook 2007, 2010 and 2013.

Microsoft has issued a Knowledge Base article with a "Fix It" tool that works around the problem by disabling RTF support in Word. If you rely on Word to open RTF files, this workaround will get in the way.
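The Fix It described above blocks RTF through Word's File Block setting. The following PowerShell is an added example, not the article's or Microsoft's own code, for applying, auditing or reverting that workaround on a Word 2010 (registry version 14.0) machine; the File Block registry path and the RtfFiles / OpenInProtectedView value names are assumed from Office File Block documentation rather than taken from the article, so verify them against Microsoft's advisory before rolling out.

```powershell
# Added example (not from the ZDNet article or Microsoft): toggle the
# "block RTF in Word" workaround for the current user.
# Assumptions: Windows, Word 2010 (registry version 14.0); key path and
# value names are assumed from Office File Block documentation.
param(
    [ValidateSet('Apply', 'Revert', 'Audit')] [string]$Mode = 'Audit',
    [string]$OfficeVersion = '14.0'   # 14.0 = Office 2010 (assumption)
)

$key = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Word\Security\FileBlock"

function Get-RtfBlockState {
    # Returns the current RtfFiles / OpenInProtectedView values, or $null if the key is absent.
    if (-not (Test-Path $key)) { return $null }
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RtfFiles            = $p.RtfFiles
        OpenInProtectedView = $p.OpenInProtectedView
    }
}

switch ($Mode) {
    'Apply' {
        # RtfFiles = 2 blocks both opening and saving RTF; OpenInProtectedView = 0
        # refuses blocked files outright instead of showing them in Protected View.
        New-Item -Path $key -Force | Out-Null
        New-ItemProperty -Path $key -Name RtfFiles -PropertyType DWord -Value 2 -Force | Out-Null
        New-ItemProperty -Path $key -Name OpenInProtectedView -PropertyType DWord -Value 0 -Force | Out-Null
        Write-Output "RTF blocked in Word $OfficeVersion for the current user."
    }
    'Revert' {
        # Remove both values so Word returns to its default RTF handling.
        if (Test-Path $key) {
            Remove-ItemProperty -Path $key -Name RtfFiles, OpenInProtectedView -ErrorAction SilentlyContinue
        }
        Write-Output "RTF block removed for Word $OfficeVersion."
    }
    'Audit' {
        $state = Get-RtfBlockState
        if ($null -ne $state -and $state.RtfFiles -eq 2) {
            Write-Output "Workaround present: RtfFiles=2, OpenInProtectedView=$($state.OpenInProtectedView)"
        } else {
            Write-Output "Workaround NOT present for Word $OfficeVersion (RTF still opens)."
        }
    }
}
```

Run it with -Mode Audit across a fleet to confirm the workaround is in place before the patch ships, and with -Mode Revert once the fix is installed.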

A successful exploit would give the attacker control with the privileges of the user running Word, so running with standard user privileges could lessen the damage that an attacker could cause. Microsoft also says that their Enhanced Mitigation Experience Toolkit (EMET) tool can mitigate this vulnerability.

The vulnerability was reported to Microsoft by Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team.

Talkback

65 comments
  • Microsoft reveals zero-day attacks against Word

    It's a good thing RTF files aren't that popular. There will be a minimal number of instances of this exploit, if any at all.
    Loverock.Davidson
    • In 2014, It's Refreshing To See That MS Software Is Still Garbage!

      Tell me this could happen on Office 2007 or 2010, but the latest version... 2013?

      Why am I not surprised.

      Also, MS spying on their users and reading emails?

      Why am I not surprised.

      Take a good and hard look at Microsoft, because this is a company that is going to disappear one day!
      orandy
      • zerorandy invading MS articles and spewing FUD?

        Why am I not surprised.
        ForeverCookie
        • I think someone's stalking me.

          These flags tell an odd story.

          Is it one of obsession, or simple admiration?

          Maybe he or she wants my attention?
          ForeverCookie
          • They want you silenced

            Since they can't defeat the truth, they attempt to hide it from view.
            William.Farrel
          • I think I'm being haunted by a ghost...

            Might even be the digital spirit of the recently-vanished One left foot.

            Still, there isn't much to do now than have fun with my new-found popularity.

            I'm guessing that whoever's flagging thinks they're insulting me, but really, it only attracts attention to whatever I post.

            A bit short-sighted on their part, if you ask me. The only thing it'll succeed in doing is pissing off the moderator and giving me something to chuckle about.
            ForeverCookie
          • There is no truth in Forever Cookies' comment

            Hi :)
            There is no truth in Forever Cookie's comment. It's nothing but a personal attack, and his/her subsequent comment is just an attack on everyone that doesn't agree to join in with allowing the bullying.
            Regards from
            Tom :)
            Tom6
        • Maybe he's talking about this story?

          Perhaps you missed this?

          "Microsoft is caught up in a privacy storm after it admitted it read the Hotmail inbox of a blogger while pursuing a software leak investigation."

          http://www.bbc.co.uk/news/business-26677607
          Zogg
          • That story is an MS employee... not the masses

            There are email providers that read email of the masses like Google. But that wasn't the case in that article.
            JennTech
          • The point was that MS read the guy's Outlook email!

            Didn't you read the article?

            "On Thursday, the firm acknowledged it read the anonymous blogger's emails in order to identify an employee it suspected of leaking information."

            "The search was legal because it fell within Microsoft's terms of service which state that the company can access information in accounts that are stored on its "Communication Services", which includes email, chat areas, forums, and other communication facilities."

            So MS admitted reading this guy's email, and this violation of privacy was still in full compliance with MS's terms of service.
            Zogg
          • Ya, much like all the rest.

            And this is somehow news to you right?

            Look, I'm not saying any of these companies that have all these lovely free services have it set up in our favor, and that includes MS.

            But get a wee grip here, chum. We all know this. It's very old news about terms of service and EULAs, which ALWAYS work to the overall benefit of the person or company providing the software or service. Not the user.

            And we also know, depending on any one person's concerns about privacy, that some companies do a lot worse than reading emails of an employee who stole what I understand to be information relating to product activation. For Microsoft's purposes it might as well have been the keys to Fort Knox.

            If you're that amazed that all these companies can do this kind of thing, and similarly minded things, well, now that you know, spread the word. I find it hard to believe that there are people who come to ZDNet who don't already know full well about these common-knowledge issues.
            Cayble
          • *sigh* You have missed the larger context.

            Firstly, MS did not read an employee's email - it read a blogger's email to discover which employee s/he had been communicating with. To my mind, reading emails is worse than scanning them.

            But anyway, this whole thread was only started because orandy mentioned:

            "Also, MS spying on their users and reading emails?"

            and it was blithely dismissed as FUD. Whereas it actually has topical relevance, at the very least.
            Zogg
          • all agreed..

            however the likes of lovecrack, will feral and the other one whose name escapes me at present make a huge issue of every google related privacy issue.. it's a good idea to point out that they are not the only one making (or in Microsoft's case trying to make) money from user data and targeted ads.. and not the only one having privacy issues. wouldn't be fair to be one sided like that would it?
            frankieh
          • And the guy whose email MS read was not an MS employee.

            S/he was a blogger with whom an unknown MS employee had been communicating.
            Zogg
      • In 2014, It's Refreshing To See That orandy's posts are Still Garbage!

        His terror is real, so take a good and hard look at orandy, because he and his posts are definitely going to disappear one day.

        Why am I not surprised at that?

        Because they don't allow Internet use in the asylums....
        William.Farrel
      • Viva Office 2003 !

        I see Office 2003 doesn't rate a mention.
        Hurrah for me, keeping old software - I must be safe!

        Right...?
        alan_r_cam
        • Microsoft Word 2003 Service Pack 3

          Affected Software
          This advisory discusses the following software.
          Microsoft Word 2003 Service Pack 3

          https://technet.microsoft.com/en-us/security/advisory/2953095
          RickLively
      • only affects Word2010

        From MS:
        At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010.
        klashbrook
        • Learn to read whole sentences.

          "All versions of Microsoft Word, both Mac and Windows, and several related programs like the Word Viewer and Word Automation Services on Microsoft SharePoint Server are also vulnerable, but the current attacks are directed at Microsoft Word 2010."

          Note: "All versions of Microsoft Word, both Mac and Windows, and several related programs" ... "but the current attacks are directed at Microsoft Word 2010."

          What this means is that the exploit affects "All versions of Microsoft Word, both Mac and Windows, and several related programs" but that the "current attacks are directed at Microsoft Word 2010", therefore, it obviously affects more than Word2010.

          Sorry if breaking it down for you makes you feel like an idiot but not getting the actual meaning of a sentence makes you look like one.
          techadmin.cc
      • Ha! Ya. Sure. You know best.

        "Take a good and hard look at Microsoft, because this is a company that is going to disappear one day"

        Ya, sure MS is going to disappear one day. So is the sun. One day.
        Cayble