itb-nz logo
Story image

Oh my Word, Microsoft reveals zero-day attacks

26 Mar 2014

Microsoft has spotted targeted attacks against a zero-day vulnerability in Microsoft Word 2010, prompting the software giant to release a Fix It solution to users.

Affecting all supported versions of Microsoft Word, Redmond says the vulnerability is a “remote code execution vulnerability”, which could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer.

“At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010…” an official security advisory stated.

“The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code.

“Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.”

According to Microsoft, the vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer.

“An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” the advisory continues.

“Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

“Applying the Microsoft Fix it solution, "Disable opening RTF content in Microsoft Word," prevents the exploitation of this issue through Microsoft Word.”

For more information click here

Story image
Digital enviro tech could save companies money but adoption is slow
According to a report from Frost & Sullivan and Envirosuite, environmental management tools can bring growth, innovation and bottom-line savings.More
Story image
New Linius solution enables search and assembly of video meeting clips
The new product, “WHIZZARD”, will soon be available to Zoom, Webex and Microsoft Teams users.More
Story image
Q&A: StorageCraft director on how backup and recovery has changed in 2020
Techday spoke to StorageCraft international product marketing senior director Florian Malecki, who discusses the importance of backup and recovery, the products and solutions that StorageCraft offers in this field, and the revenue opportunities partners can capitalise on. More
Link image
Revealed: How to streamline the payroll process
Here are five top tips that can help you regain control of your day, cut down on errors, and take care of employees, the company, and yourself.More
Link image
On 10 December, find out how data centers will fare in the face of climate change
From pandemic disruption to the urgency to address climate change, data center development in Asia Pacific needs to remain resilient and sustainable. On 10 December, join this webinar to learn about viable solutions data center operators can use to overcome environmental challenges. Register now.More
Story image
NCSC prevents $70m harm against NZ's nationally significant organisations
New Zealand’s nationally significant organisations have faced at least 352 cyber incidents in the 2019/2020 year, but the dangers are far from over.More