Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: info@c2techs.net

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • Privacy Policy
FREECONSULT
Tuesday, 25 March 2014 / Published in Woo on Tech

MS Word zero-day exploit in the wild

Microsoft Zero Day Warning

Microsoft has released a security advisory that warns of a new zero-day weakness that is currently being exploited on the internet. Depending on how you interpret their choice of wording – “targeted attacks” – the scale seems to be relatively limited for the moment, but given that the compromised app is Microsoft Word and is not limited to a specific version, the potential attack surface is huge. And it gets better: the delivery mechanism is a hacked RTF file that once opened can lead to the targeted machine being completely compromised. While RTF files aren’t as widely used as the default “.doc” and “.docx” formats, they are used to export and import documents from Word to other word processing platforms like Wordperfect, LibreOffice, OpenOffice and Apple Pages.

What this means for you:

Microsoft has issued a temporary fix which merely disables the ability for Word to open RTF files, but as of the moment there is no ETA on a patch delivered by Windows Update. We recommend applying this Fix-it if you are at all unsure what an RTF file is, or how to tell the difference from other Word and Email formats.

The most vulnerable user to this exploit is actually someone who uses Word to view formatted emails delivered via Outlook. Normally, Outlook is not set to view emails using Word by default, so if you didn’t set Outlook to do this, you only have to worry about Word. If you did, disable this feature and use Outlook’s built-in email viewer to read formatted emails. For Word users, don’t open RTF files, even if they come from a trusted source, and don’t send any RTF files, as your recipients may be exercising the same level of caution. If you have to exchange data using RTF, make sure you communicate thoroughly with your recipients, and choose another platform other than email to exchange files, primarily so there is no chance they could mistake a trojaned RTF for a legitimate file. 

  • Tweet
Tagged under: exploit, microsoft, outlook, rtf, security, trojan, word, zero day

What you can read next

Google Logo
Google’s New Advertising Shill: You!
ID-100144458.jpg
Phone Scammers are Upping Their Game
iCloud hacked?
Celebrities “exposed” in high-profile cloud breach

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Social Media monetizes our need to be social

    Part of our occasional series “The Elepha...
  • Freemail accounts will be hacked

    Most of you know that I do not recommend using ...
  • LastPass Breach is bad news for everyone

    Late in the year, just in time for the holidays...
  • 2023 – Approach with Caution

    Traditionally I like my year-end messages to be...
  • Privacy sign

    Popular tax apps leaked your data to Facebook

    While it shouldn’t come as a surprise to any of...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP