Microsoft declared today that AN un-patched vulnerability in Microsoft Word is being exploited within the wild.
All versions of Microsoft Word, each mackintosh and Windows, and several other connected programs just like the Word Viewer and Word Automation Services on Microsoft SharePoint Server are vulnerable, however this attacks are directed at Microsoft Word 2010. Exploits like these are typically version-specific, and in targeted attacks, like this seems to be, the aggressor might already grasp that version he has to exploit.
Microsoft conjointly says that Microsoft Outlook may even be exploited with such an RTF file if Word were set as the viewer for Outlook. within the default configuration Word is that the viewer in Outlook 2007, 2010 and 2013.
Microsoft has issued a mental object article with a \"Fix It\" tool that works round the drawback by disabling support for RTF. If you have faith in Word for RTF files this might be a haul.
A winning exploit would offer the aggressor management with the privileges of the user running Word, thus running with customary user privileges may reduce the injury that an aggressor may cause. Microsoft conjointly says that their increased Mitigation expertise Toolkit (EMET) tool will mitigate this vulnerability.
The vulnerability was reported to Microsoft by Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team.
0 comments