
MS Word flaw could lead to hijacked PCs

Microsoft issues warning, advises stop-gap measures as exploits appear in the wild

Microsoft has pledged action, but no current fix exists for the flaw.

Microsoft yesterday issued a vulnerability warning for Word, saying it is open to attacks that could allow a malicious party to take complete control of a victim's computer.

According to a report from The Register, the hole is already being exploited in scattered, targeted attacks in the wild, and there is no current fix for the bug.

The exploit works when a user opens a doctored RTF file in Word or Outlook. The attacker can then execute code that gives them the same privileges as the currently logged-on user.

According to Microsoft's bulletin, the following applications are affected by the flaw: Microsoft Word 2003, 2007, 2010, 2013; Office for Mac 2011; Microsoft Office Web Apps; Automation Services on SharePoint Server 2010 and 2013; and Outlook 2007, 2010 and 2013 when using Word as the email viewer.

The vulnerability can also be exploited if a malicious RTF email attachment is previewed in Outlook.

Microsoft also said, "An attacker could host a website that contains a webpage that contains a specially crafted RTF file that is used to attempt to exploit this vulnerability.

"An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system."

Microsoft advised network administrators to disable the opening of RTFs in Word as a stop-gap measure. Using the Enhanced Mitigation Experience Toolkit could also act as a temporary shield.

"On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," the Redmond-based company pledged.
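Because the flaw is reached through RTF content opened or previewed from email, a mail filter can identify RTF attachments by their leading bytes rather than by file name. The following is an added example, not part of Microsoft's guidance or the original article; the function names, sample message and addresses are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"        # signature that opens a document in the RTF specification
UTF8_BOM = b"\xef\xbb\xbf"


def is_rtf(data):
    """True if the payload starts with the RTF signature (after a BOM or whitespace)."""
    if data.startswith(UTF8_BOM):
        data = data[len(UTF8_BOM):]
    return data.lstrip(b" \t\r\n").startswith(RTF_MAGIC)


def rtf_attachments(raw_message):
    """Return the names of attachments whose decoded bytes are RTF,
    regardless of the file extension or declared Content-Type."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if is_rtf(payload):
            hits.append(part.get_filename() or "<unnamed>")
    return hits


def build_sample():
    """Constructed sample: harmless RTF sent once as .doc and once as .rtf,
    plus an ordinary text attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    benign_rtf = b"{\\rtf1\\ansi Hello}"
    msg.add_attachment(benign_rtf, maintype="application",
                       subtype="msword", filename="invoice.doc")
    msg.add_attachment(benign_rtf, maintype="application",
                       subtype="rtf", filename="notes.rtf")
    msg.add_attachment("plain text", filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in rtf_attachments(build_sample()):
        print("RTF content found in attachment:", name)
```

The check only classifies content as RTF so that it can be held or stripped while no fix is available; it does not decide whether a given file is malicious.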

 
