Fix will be released as part of the Patch Tuesday rollout

Apr 11, 2017 11:13 GMT

Microsoft has confirmed that this month’s Patch Tuesday will bring an update that fixes a vulnerability in Word that exposes users to malware infections.

Disclosed by security company FireEye, the Microsoft Word security flaw makes it possible for hackers to hijack Windows computers with the help of a malicious RTF document that hides code which then triggers malware downloads on target systems.

Microsoft has confirmed in a statement that it plans to address the vulnerability as part of today’s Patch Tuesday rollout, and it recommends that users avoid opening documents coming from unknown sources until the fix is deployed.

“We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically,” a company spokesperson said.

“Meanwhile we encourage customers to practice safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue.”

Bypassing all mitigation systems

Security company McAfee has also confirmed the security vulnerability and said that attackers are able to bypass most mitigation features in Windows to compromise a target computer.

“The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file. Because .hta is executable, the attacker gains full code execution on the victim’s machine. Thus, this is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft,” McAfee said.

The vulnerability affects all Windows computers, including the latest Windows 10, as well as all Office versions, so until the patch is installed the only way to remain secure is to avoid opening documents coming from untrusted sources.

The Patch Tuesday rollout begins later today, so make sure that you deploy this month’s fixes as soon as possible, especially if you’re working with Word documents and the RTF format in particular.