Security Update: Microsoft Word (Microsoft and Mac Users) Vulnerability Being Exploited
Date and Time
Microsoft has released a security advisory regarding an unpatched vulnerability that is being used in limited attacks against those using Microsoft Word. The vulnerability is a remote code execution (RCE) flaw that can be leveraged if a malicious Rich Text File (RTF) is either opened in Office 2010 or previewed in Outlook with Word as the designated preview viewer.
Advanced Users: For a complete description of the security advisory refer to Microsoft Security Advisory (2953095) - Vulnerability in Microsoft Word Could Allow Remote Code Execution at http://technet.microsoft.com/library/security/2953095.
- Microsoft Word 2003
- Microsoft Word 2007
- Microsoft Word 2010
- Office for Mac 2011
- Office Web Apps 2010
- Office Web Apps Server 2013
WHAT'S THE PROBLEM?
The attacks could either come in the form of a harmful e-mail attachment or a Web-based attack in which a malicious RTF file is hosted and downloaded by a user.
HOW DO I PROTECT MY COMPUTER?
At this time Microsoft does not have a software update for this vulnerability but has provided workaround solutions.
1. If you have IT support, no action on your part is required.
2. If you do not have IT support or they do not support your computer, Microsoft suggests:
- Applying Microsoft Fix it solution, "Disable opening RTF content in Microsoft Word", that prevents exploitation of this issue. Refer to http://support.microsoft.com/kb/2953095 to use the automated Microsoft Fix it solution to enable or disable this workaround.
- Read emails in plain text.
*Microsoft Outlook 2003, Microsoft Outlook 2007 and Microsoft Office 2010 refer to http://support.microsoft.com/kb/831607.
*Outlook for Mac 2011 refer to http://office.microsoft.com/en-us/mac-outlook-help/turn-off-html-formatting-HA102928403.aspx.
- Additional, technical workaround solutions can be found under Suggested Actions at Microsoft Security Advisory (2953095) - Vulnerability in Microsoft Word Could Allow Remote Code Execution at http://technet.microsoft.com/library/security/2953095.
IT Security - /security