New Microsoft Word Zero-Day Vulnerability Used in Targeted Attacks

by Istvan Fekete on March 25, 2014

An unpatched vulnerability in Microsoft Word is being exploited, Microsoft announced yesterday. This flaw affects all versions of Microsoft Word, on both Mac and Windows, and other related programs such as the Word Viewer and Word Automation Services. Current attacks apparently target Microsoft Word 2010, but according to the support page, the security alert applies to Microsoft Office Word 2003, 2007, and Microsoft Word 2013 as well.

As Microsoft points out, the vulnerability is a remote-code-execution vulnerability. “The issue is caused when Microsoft Word parses specially crafted RTF-formatted data, causing system memory to become corrupted in such a way that an attacker could execute arbitrary code.”

“Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution, “Disable opening RTF content in Microsoft Word,” prevents the exploitation of this issue through Microsoft Word. See the Suggested Actions section of this advisory for more information.”

The company also says that its built-in email viewer client, Microsoft Outlook, could also be exploited with such an RTF file if Word is set as the viewer for Outlook. And it is important to mention here that by default Word is the viewer in Outlook 2007, 2010, and 2013.

To address the freshly uncovered vulnerability, the software maker has issued a “fix-it” tool, which you can find on Microsoft’s support page. However, the tool is just a temporary workaround that disables opening RTF content in Word.

As this is a Word security flaw, Outlook is not directly affected, but if the aforementioned application is the selected email reader, an attacker could leverage Outlook for the email attack vector to exploit the vulnerability and gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take complete control of an affected system and install programs; view, change, and delete data; or create new accounts with full user rights.

This isn’t the first time Microsoft has reported zero-day attacks targeting unpatched MS vulnerabilities. Last fall, another vulnerability was discovered in a Microsoft graphics component.

Did you like this post? publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Istvan Fekete. Follow by: RSS, Twitter, Facebook, or YouTube.

{ 1 trackback }

Heartbleed Bug: The Chaotic Nature of the Internet Under the Magnifying Glass —
April 10, 2014 at 7:00 am

Comments on this entry are closed.

Previous post:

Next post: