Microsoft: 'MS Word' Under Attack; Do Not Open Email Attachments With ".RTF" Extension
By Pavithra Rathinavel | March 26, 2014 2:40 PM EST
The attacks are carried out by using text documents with '.RTF' extensions (Rich Text Format) sent as an attachment via email.
However, systems could get affected just by opening, viewing & previewing the email message in Outlook Application. Notably, there is no need to download or open the attachment to get infected, reports Culture Mob.
Even though Microsoft's warning is aimed at Office 2010 package users, similar attacks could also infect Office 2003, Office 2007 and Office 2013 for Windows PCs, Microsoft Office for Mac 2011 and multiple versions of Microsoft SharePoint Server.
"Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word," Microsoft advisory stated. "At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word or previews or opens a specially crafted RTF e-mail message in Microsoft Outlook while using Microsoft Word as the e-mail viewer."
An automated patch (temporary) was issued by Microsoft that changes Microsoft Office settings to prevent opening RTF documents with MS Word vulnerable versions.
In their statement, Microsoft advised the users to view email with the "plain text" option and not download files with ".RTF extension" added as an attachment.
Also once your system is infected, the attackers obtain unlimited access to the system. They can steal sensitive documents on the hard disk or attack other workstations connected to the local network.
The Enterprise Administrators can create their own custom protection by utilizing "Trust Center" features of Office in place of the automated, temporary patch.
This threat is a grave reminder that attackers are targeting vulnerabilities that would trick users into making mistakes. This security hole is then exploited by hackers/attackers before the vendor becomes aware and hurries to fix it. This exploit is called zero-day attack.
To read more about Zero-Day vulnerability, click here.
To contact the editor, e-mail: