Microsoft Word Zero Day Alert!

  • March 25, 2014
  • 2 min read

Microsoft_Word_logoWarning: Microsoft has just announced an unpatched, zero day vulnerability affecting multiple versions of Microsoft Word.

The vulnerability uses .RTF files opened in Microsoft Word or previewed in Microsoft Outlook using the MS Word previewer. Once the file is opened or previewed, attackers can gain remote access of your machine, to monitor activity, steal files, or execute malicious code.

To avoid this zero day threat:

For enhanced protection against this and future emailed threats, also consider changing your Outlook settings to read all standard mail in plain text. This setting prevents the automatic execution of emailed HTML and .RTF malware.

Emsisoft Anti-Malware’s Behavior Blocking Technology automatically protects users from this zero-day threat.

Additional Information

Microsoft writes that this zero day (CVE-2014-1761) was discovered in “limited, targeted attacks directed at Microsoft Word 2010.” However, further investigation has revealed that the vulnerability also exists in the following versions:

Microsoft Outlook 2007, 2010, and 2013 are also particularly vulnerable, as they use MS Word as their default .RTF attachment previewer. Microsoft Outlook 2003 may also be vulnerable, if it is using MS Word as its .RTF attachment previewer (however this is not the default setting).

Advanced users may find more information on this latest zero day exploit in Microsoft’s official Security Advisory:  https://technet.microsoft.com/en-us/security/advisory/2953095

Have a Great (Malware-Free) Day!

Steve

Steve

Freelance writer and security enthusiast based in the USA.

What to read next

Reader Comments