MS Word flaw could lead to hijacked PCs

Microsoft issues warning, advises stop-gap measures as exploits appear in the wild

Tags: Microsoft CorporationUSA
  • E-Mail
MS Word flaw could lead to hijacked PCs Microsoft has pledged action, but no current fix exists for the flaw.
By  Stephen McBride Published  March 25, 2014

Microsoft yesterday issued a vulnerability warning for Word, saying it is open to attacks that could allow a malicious party to take complete control of a victim's computer.

According to a report from The Register, the hole is already being exploited in some scattered, targeted attacks in the wild and there is no current fix for the bug.

The exploit works when a user opens a doctored RTF file in Word or Outlook. The attacker can then execute code that gives them the same privileges as the currently logged-on user.

According to Microsoft's bulletin the following applications are affected by the flaw: Microsoft Word 2003, 2007, 2010, 2013; Office for Mac 2011; Microsoft Office Web Apps; Automation Services on SharePoint Server 2010 and 2013; and Outlook 2007, 2010 and 2013 when using Word as the email viewer.

The vulnerability can also be exploited if a malicious RTF email attachment is previewed in Outlook.

Microsoft also said, "An attacker could host a website that contains a webpage that contains a specially crafted RTF file that is used to attempt to exploit this vulnerability.

"An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system."

Microsoft advised network administrators to disable the opening of RTFs in Word as a stop-gap measure. Using the Enhanced Mitigation Experience Toolkit could also act as a temporary shield.

"On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," the Redmond-based company pledged.

 

1277 days ago
Frida

Microsoft Office, and yet another flaw... it doesn't bother me much, because I use SoftMaker Office: no flaws, excellent compatibility with all MSO formats, very fast, feature-packed, but still low-priced. I can't get it why still so many people buy / rent that crappy Microsoft Office / Office365 suite for an immense sum, and don't change to an alternative. Is it idleness? Power of habit??

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code