Microsoft Word users told to disable RTF support after targeted attacks
26 March 2014 | 0
Microsoft Word users on both PC and Mac have been advised to apply a temporary fix for a dangerous remote execution zero day flaw after Google researchers discovered it being exploited in targeted attacks.
According to the firm’s 24 March advisory (CVE-2014-1761), the vulnerability would compromise anyone opening or previewing specially-crafted Rich Text Format (RTF) files using a range of Word versions either directly or using Outlook.
Alternatively, and probably more dangerously, users could be lured to websites containing booby-trapped files or ads using malicious links.
Given that this issue affects anyone using the program, there is some urgency to the alert. Because the flaw depends on exploiting the user’s privilege setting, anyone logged in under a standard rather than admin account will feel less impact, the firm said.
All versions of are affected, including Word 20013 SP3, Word 2010 32-bit/64-bit SP1/2, Word 2013 32-bit/64-bit, the Word viewer, and Microsoft Office Mac 2011.
While Microsoft comes up with a patch, the simplest defence is to disable RTF support in Word; Microsoft quickly issued a ‘fix it’ that does this job for the user.
“A secondary recommended action is to work with plain text in emails, which is generally a recommended safeguard that prevents the ‘drive-by’ characters of these types of attacks. It is described in this knowledgebase article at the Microsoft site,” said Microsoft.
Some businesses will be protected against the flaw depending on the protection they have installed.
“The exploit chain disruption capabilities prevent the exploit from successfully compromising user machines and infecting them with malware,” said security firm Trusteer of its Apex endpoint protection.
“Trusteer customers who have deployed Trusteer Apex to protect user endpoints are protected against attacks that exploit this new Microsoft Word zero-day exploit.”
John E Dunn, Techworld