Microsoft reveals zero-day attacks against Word

Malicious RTF files could execute code. Microsoft has released a "Fix it" temporary workaround which disables RTF support in Word.
Written by Larry Seltzer, Contributor

Microsoft announced today that an unpatched vulnerability in Microsoft Word is being exploited in the wild.

All versions of Microsoft Word, both Mac and Windows, and several related programs like the Word Viewer and Word Automation Services on Microsoft SharePoint Server are also vulnerable, but the current attacks are directed at Microsoft Word 2010. Exploits such as these are often version-specific, and in targeted attacks, such as this appears to be, the attacker may already know which version he needs to exploit.

Microsoft also says that Microsoft Outlook could also be exploited with such an RTF file if Word were set as the viewer for Outlook. In the default configuration Word is the viewer in Outlook 2007, 2010 and 2013.

Microsoft has issued a Knowledge Base article with a "Fix It" tool which works around the problem by disabling support for RTF. If you rely on Word for RTF files this could be a problem.

A successful exploit would give the attacker control with the privileges of the user running Word, so running with standard user privileges could lessen the damage that an attacker could cause. Microsoft also says that their Enhanced Mitigation Experience Toolkit (EMET) tool can mitigate this vulnerability.

The vulnerability was reported to Microsoft by Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team.

See also:

Editorial standards