Microsoft: 'MS Word' Under Attack; Do Not Open Email Attachments With ".RTF" Extension
By Pavithra Rathinavel | March 26, 2014 2:40 PM EST
The attacks are carried out using text documents with the '.RTF' (Rich Text Format) extension, sent as email attachments.
However, systems could be affected just by opening, viewing or previewing the email message in the Outlook application. Notably, there is no need to download or open the attachment to get infected, reports Culture Mob.
Even though Microsoft's warning is aimed at Office 2010 users, similar attacks could also affect Office 2003, Office 2007 and Office 2013 for Windows PCs, Microsoft Office for Mac 2011 and multiple versions of Microsoft SharePoint Server.
"Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word," the Microsoft advisory stated. "At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word or previews or opens a specially crafted RTF e-mail message in Microsoft Outlook while using Microsoft Word as the e-mail viewer."
Microsoft issued a temporary, automated patch that changes Microsoft Office settings to prevent vulnerable versions of MS Word from opening RTF documents.
In its statement, Microsoft advised users to view email using the "plain text" option and not to download attachments with the ".RTF" extension.
Once a system is infected, the attackers obtain unlimited access to it. They can steal sensitive documents on the hard disk or attack other workstations connected to the local network.
Enterprise administrators can create their own custom protection using the "Trust Center" features of Office in place of the automated, temporary patch.
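The advice above to avoid ".RTF" attachments depends on the file name, but Word recognises RTF by its content, so an RTF file renamed to ".doc" is still opened as RTF. The following is an added example, not code from Microsoft or from this article: a mail-filter check that flags message parts by extension, MIME type and the RTF header bytes. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"                          # every RTF document starts with this
RTF_MIME_TYPES = {"text/rtf", "application/rtf"}

def is_rtf(payload: bytes) -> bool:
    """True if the bytes start with the RTF header (after any BOM/whitespace)."""
    head = payload[:64].lstrip(b"\xef\xbb\xbf \t\r\n")
    return head.startswith(RTF_MAGIC)

def find_rtf_parts(raw_message: bytes):
    """Return (name, reasons) for each MIME part that looks like RTF."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(message body)"
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().endswith(".rtf"):
            reasons.append("extension")
        if part.get_content_type() in RTF_MIME_TYPES:
            reasons.append("mime-type")
        if is_rtf(payload):
            reasons.append("content")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed test message: harmless RTF text under two different names."""
    rtf = b"{\\rtf1\\ansi Hello}"
    msg = EmailMessage()
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    msg.add_attachment(rtf, maintype="application", subtype="rtf", filename="report.rtf")
    msg.add_attachment(rtf, maintype="application", subtype="msword", filename="invoice.doc")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in find_rtf_parts(build_sample()):
        print(f"quarantine {name}: matched on {', '.join(reasons)}")
```

The "invoice.doc" part is caught only by the content check, which is the case an extension-based rule misses.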
This threat is a grave reminder that attackers target vulnerabilities and trick users into making mistakes. Such a security hole is exploited by attackers before the vendor becomes aware of it and hurries to fix it. This kind of exploit is called a zero-day attack.