MICROSOFT HAS ADMITTED that a Word zero-day vulnerability exists and is being exploited in the wild, and has suggested how to avoid becoming a victim of it.
An attacker would have to send the victim a malicious RTF file. A number of Microsoft Word versions are affected, including Microsoft Office for Mac and Microsoft Word 2003 Service Pack 3, and Microsoft said that it is aware of limited, targeted attacks directed at Microsoft Word 2010.
"An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights," said Microsoft.
"Applying the Microsoft Fix it solution, 'Disable opening RTF content in Microsoft Word,' prevents the exploitation of this issue through Microsoft Word."
Microsoft said that it is still looking into the remote code execution vulnerability, and will take "appropriate action" when it decides what that action is.
"On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," it said.
Wolfgang Kandek, CTO at security firm Qualys, seconded the suggestion to disable opening RTF content, and added the tip that people should use plain text in emails. He added that this is "generally a recommended safeguard that prevents the 'drive-by' character of these types of attacks".
Until a patch is released, you should follow the workaround.
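As an added example, not part of the article and not Microsoft's own Fix it package, here is a PowerShell script that applies or audits the per-user Word File Block settings behind the "Disable opening RTF content in Microsoft Word" workaround, plus the Outlook plain-text setting Kandek recommends. The key paths, value names and value meanings are assumptions taken from the Office 2007/2010/2013 File Block and Outlook registry layout; Word 2003 (which uses a different key) and Office for Mac are not covered.

```powershell
# Added example, not Microsoft's Fix it. Run without -Apply to audit, with -Apply to set.
# Assumed layout: HKCU\Software\Microsoft\Office\<ver>\Word\Security\FileBlock with
# RtfFiles=2 (open/save blocked, use open policy) and OpenInProtectedView=0 (do not open),
# and HKCU\...\<ver>\Outlook\Options\Mail\ReadAsPlain=1 (read all mail as plain text).
param([switch]$Apply)

$versions = @('12.0', '14.0', '15.0')   # Office 2007, 2010, 2013 (assumed version keys)

foreach ($v in $versions) {
    $wordKey = "HKCU:\Software\Microsoft\Office\$v\Word"
    if (-not (Test-Path $wordKey)) { continue }   # this Office version is not present for the user

    $blockKey = "$wordKey\Security\FileBlock"
    $mailKey  = "HKCU:\Software\Microsoft\Office\$v\Outlook\Options\Mail"

    if ($Apply) {
        foreach ($k in @($blockKey, $mailKey)) {
            if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
        }
        # Block Word from opening RTF at all (assumed value meanings, see header comment)
        New-ItemProperty -Path $blockKey -Name 'RtfFiles' -PropertyType DWord -Value 2 -Force | Out-Null
        New-ItemProperty -Path $blockKey -Name 'OpenInProtectedView' -PropertyType DWord -Value 0 -Force | Out-Null
        # Kandek's tip: render incoming mail as plain text so no rich content is parsed on preview
        New-ItemProperty -Path $mailKey -Name 'ReadAsPlain' -PropertyType DWord -Value 1 -Force | Out-Null
    }

    # Audit: read back what is currently configured and report whether the workaround is in place
    $rtf   = (Get-ItemProperty -Path $blockKey -Name 'RtfFiles' -ErrorAction SilentlyContinue).RtfFiles
    $pv    = (Get-ItemProperty -Path $blockKey -Name 'OpenInProtectedView' -ErrorAction SilentlyContinue).OpenInProtectedView
    $plain = (Get-ItemProperty -Path $mailKey -Name 'ReadAsPlain' -ErrorAction SilentlyContinue).ReadAsPlain

    [pscustomobject]@{
        OfficeVersion       = $v
        RtfFiles            = $rtf
        OpenInProtectedView = $pv
        RtfOpenBlocked      = ($rtf -eq 2 -and $pv -eq 0)
        MailReadAsPlain     = ($plain -eq 1)
    }
}
```

Settings under HKCU only protect the user who runs the script; for a fleet, push the same values through Group Policy instead.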