Redmond will officially patch a critical flaw in Word next Tuesday

Apr 5, 2014 10:15 GMT

Microsoft has already announced that a critical security patch for Word is coming on Patch Tuesday, but more attacks have since been spotted in the wild, and a large number of users could be affected.

Wolfgang Kandek, CTO of Qualys, cited an analysis by McAfee to point out that “the attacks are real and happening now,” which means that everyone still using a Microsoft Word version vulnerable to these exploits should take steps to protect themselves right now.

“The exploit does not look that hard to replicate with the information provided. Beyond patching it makes sense to disable RTF opening anyway, which is what the FixIt in KB2953095 does. It certainly looks as if there is more potential for this type of vulnerability that can be found with relatively little investment into file fuzzing,” Kandek explained.

According to McAfee’s analysis, an attacker who successfully exploits the vulnerability can run malicious code on the target computer and then carry out further actions, such as installing malware and other tools to compromise the user’s data.

The vulnerability comes down to the way Microsoft Word handles RTF documents, so disabling support for this particular file format in Microsoft’s word processor is the best way to stay secure until the full patch is released.

Those running Outlook 2007, 2010 or 2013 to send and receive email are even more exposed, as the email client uses Microsoft Word as the default viewer for attached documents, which makes a successful attack considerably easier.

Kandek has provided further instructions for those trying to block potential attacks, pointing out that not downloading suspicious RTF documents is usually the best way to stay secure.

“The current workaround is to disable RTF as a supported format in Microsoft Office. A secondary recommended action is to work with plain text in e-mails, which is generally a recommended safeguard that prevents the ‘drive-by’ character of these types of attacks,” he said.
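An added audit script (not part of this article, and not code from Qualys, McAfee or Microsoft) that checks whether the two workarounds described here, blocking RTF through Word's File Block policy as the KB2953095 FixIt does and reading mail as plain text in Outlook, are in place for the current user. The registry paths and value meanings are taken from Microsoft's File Block and Outlook documentation and are an assumption to verify in your own environment; Office 2007/2010/2013 are assumed to map to version keys 12.0/14.0/15.0.

```powershell
# Added audit script: reports whether the RTF workarounds are active for the
# current user. Assumption: key paths and value meanings follow Microsoft's
# File Block and Outlook documentation; verify before relying on the result.
$officeVersions = @{ '12.0' = 'Office 2007'; '14.0' = 'Office 2010'; '15.0' = 'Office 2013' }
$results = @()

foreach ($ver in $officeVersions.Keys) {
    $wordKey = "HKCU:\Software\Microsoft\Office\$ver\Word"
    if (-not (Test-Path $wordKey)) { continue }   # this Office version is not present for this user

    # Workaround 1: File Block for RTF. RtfFiles = 2 means open and save are
    # blocked; OpenInProtectedView = 0 means blocked files are not opened at all
    # (not even in Protected View). Both must hold for RTF opening to be disabled.
    $fb = Get-ItemProperty -Path "$wordKey\Security\FileBlock" -ErrorAction SilentlyContinue
    $rtfBlocked = [bool]($fb -and $fb.RtfFiles -eq 2 -and $fb.OpenInProtectedView -eq 0)

    # Workaround 2: Outlook renders incoming mail as plain text (ReadAsPlain = 1).
    $mailKey = "HKCU:\Software\Microsoft\Office\$ver\Outlook\Options\Mail"
    $mail = Get-ItemProperty -Path $mailKey -ErrorAction SilentlyContinue
    $plainText = [bool]($mail -and $mail.ReadAsPlain -eq 1)

    $results += [pscustomobject]@{
        Product        = $officeVersions[$ver]
        RtfOpenBlocked = $rtfBlocked
        MailPlainText  = $plainText
    }
}

if ($results.Count -eq 0) {
    Write-Warning 'No Office 2007/2010/2013 Word installation found under HKCU.'
} else {
    $results | Format-Table -AutoSize
    # Non-zero exit code lets a deployment or compliance tool flag machines
    # where RTF opening is still enabled while the patch is pending.
    if ($results | Where-Object { -not $_.RtfOpenBlocked }) { exit 1 }
}
```

Run it under the account that uses Office, since both settings live in HKCU and a machine-wide check would need the same keys read from each user's hive.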

Microsoft will finally address the flaw on Patch Tuesday next week, so make sure that your computer is configured to automatically receive updates as soon as they are released.

All versions of Microsoft Word are said to be affected by this vulnerability, and the software giant has already confirmed that it is aware of “limited” attacks happening right now, which is just another sign that RTF documents should be handled with caution these days.