New Microsoft Word vulnerability

Technet link – specific wording:

The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

——————————————————————————————–

So if a malicious RTF(Rich Text Formatting file is opened inside Microsoft Word it will allow the attacker to run commands that normally cannot be run.

So it is possible we have yet to see the full effects on this vulnerability., as viruses and other attacks are being crafted(very likely).

The Microsoft ‘fix’ initially is to not allow RTF files to be opened.

Applying the Microsoft Fix it solution, “Disable opening RTF content in Microsoft Word,” prevents the exploitation of this issue through Microsoft Word. 

“This is not a fix, just a kludge” says TonyZ  – as people will open these files not knowing what will happen.

Advertisements