Microsoft Word is under attack: attackers can exploit a zero-day vulnerability in the program to take control of a person’s computer.
The attack relies on booby-trapped documents in the Rich Text Format (RTF) that exploit a vulnerability in Word 2010, along with Word 2007, Word 2003, and Word 2013. Bear in mind that since Word is the default email reader in Outlook, the vulnerability is exposed there as well.
“The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code,” says Microsoft. “The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.
“On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”
Microsoft has issued a temporary fix that prevents Office from opening RTF documents. In addition, users can protect themselves by simply not opening RTF documents.
After the investigation, Microsoft will release a permanent patch to fix the issue once and for all.
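Until a patch ships, the same "do not open RTF" rule can be enforced before mail reaches Outlook. The sketch below is an added example, not code from Microsoft or from this article: it flags attachments whose content is RTF even when the file name or MIME type says otherwise, since an RTF file renamed to .doc is still parsed as RTF by Word. The addresses, file names and sample message are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Matched loosely on purpose: a block rule should over-match rather than
# depend on the full "{\rtf1" header being present and well formed.
RTF_MAGIC = b"{\\rt"
RTF_MIME_TYPES = ("application/rtf", "text/rtf")


def is_rtf(data):
    """True when the bytes start like RTF, ignoring leading whitespace."""
    return data.lstrip(b" \t\r\n").startswith(RTF_MAGIC)


def rtf_attachments(raw_message):
    """Return the names of message parts that are RTF by type or by content."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undoes base64/QP
        if part.get_content_type() in RTF_MIME_TYPES or is_rtf(payload):
            hits.append(part.get_filename() or part.get_content_type())
    return hits


def build_sample():
    """Constructed message: one disguised RTF, one OOXML file, one plain RTF."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"{\\rtf1\\ansi constructed body}", maintype="application",
                       subtype="msword", filename="report.doc")
    msg.add_attachment(b"PK\x03\x04 constructed zip header", maintype="application",
                       subtype="octet-stream", filename="notes.docx")
    msg.add_attachment(b"{\\rtf1 constructed}", maintype="application",
                       subtype="rtf", filename="memo.rtf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in rtf_attachments(build_sample()):
        print("hold for review (RTF content):", name)
```

A gateway or triage script would quarantine the listed parts instead of printing them.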
[via Microsoft]