The company has discovered a critical vulnerability in Microsoft Word 2010

Mar 25, 2014 07:26 GMT
All Word 2010 users are strongly recommended to deploy the Fix-It solution soon

Microsoft today confirmed that Word 2010 is affected by a critical security flaw that would allow an attacker to remotely execute code and thus gain privileges that could be used to compromise user data.

The exploit is possible with the help of a malicious RTF document or a Microsoft Outlook email file, the company said in an advisory released today. A number of attacks have already been discovered, Microsoft says, so the company rolled out a Fix-It patch that helps users tweak their computers to make sure that they’re fully protected against any incoming attacks.

“At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer,” Microsoft says.

All Microsoft Word 2010 users are strongly recommended to update their Office installations as soon as possible and to deploy the Fix-It solution, which does not require a reboot.

“The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code. Additionally, applying the Fix it does not require a reboot. We encourage all customers using Microsoft Word to apply this Fix it to help protect their systems,” Microsoft says.

Redmond also says that the Enhanced Mitigation Experience Toolkit helps protect users as well, but the company also recommends that users enable a firewall, apply software updates and install anti-virus and anti-spyware applications.

At the same time, Microsoft Word users are advised to avoid opening suspicious links or documents coming from what the company calls “unfamiliar senders” that could try to exploit discovered vulnerabilities and access their data.

Microsoft usually rolls out fixes for the vulnerabilities found in its software on Patch Tuesday, but it’s pretty clear that this new security flaw needed to be addressed as soon as possible. On the other hand, expect a full patch to be released on April 8, the same day when Microsoft is expected to start shipping Windows 8.1 Update 1 to users.

The Fix-It patch released by Microsoft today doesn’t require any special computer knowledge, as it comes in the form of an installer that takes care of everything. You only need to launch the patch and let it apply the modifications to your computer.