Microsoft has discovered a new Word vulnerability in which an attacker could achieve remote code execution by tricking a user into opening a malicious RTF document, or an Outlook email message if Word is configured as the email viewer. The company believes this vulnerability is actively being exploited in “limited, targeted attacks” against Word 2010.
Although the current attacks focus on Word 2010, Microsoft states that the Word vulnerability affects all supported versions of the company’s word processing software. Until a patch can be deployed, the company has issued a “Fix it” automation for users which prevents Word from opening RTF files. After applying the Fix it, users can still open RTF documents in other word processing software, such as Microsoft WordPad, which is not believed to be susceptible to the vulnerability at this time.
Microsoft urges all users of Word 2003, 2007, 2010, 2013, and Word for Mac 2011 to take at least one of the following actions to protect themselves while a patch is developed:
- Apply the above-mentioned Fix it solution.
- Configure the Office File Block Policy to prevent Word from opening RTF files.
- Configure Outlook to open emails as plain text. Because Word is the default email viewer for recent versions of Outlook, this will prevent the malicious code in the RTF file from being executed.
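To audit whether the File Block mitigation in the second option is in place for the current user, and optionally apply it, here is an added PowerShell example (not from the article or from Microsoft). The registry paths, version numbers and values are assumed from Microsoft's published File Block guidance for this issue and should be verified against the advisory before use.

```powershell
# Added example: audit (and with -Apply, set) the Word RTF File Block
# mitigation for Office 2010 (14.0) and 2013 (15.0) under HKCU.
# Registry paths and values are ASSUMED from Microsoft's File Block
# guidance for this issue; confirm against the current advisory.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$OfficeVersions = @('14.0', '15.0'),  # assumed: 2010 and 2013
    [switch]$Apply                                  # default is audit only
)

# Desired state (assumed): RtfFiles=2 blocks RTF from opening at all;
# OpenInProtectedView=0 means "do not fall back to Protected View".
$Desired = @{ RtfFiles = 2; OpenInProtectedView = 0 }

foreach ($ver in $OfficeVersions) {
    $wordKey = "HKCU:\Software\Microsoft\Office\$ver\Word"
    $key     = "$wordKey\Security\FileBlock"
    if (-not (Test-Path $wordKey)) {
        Write-Verbose "Word $ver not present for this user; skipping."
        continue
    }

    # Read each value individually so a missing value shows as $null.
    $current = @{}
    foreach ($name in $Desired.Keys) {
        $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        $current[$name] = if ($item) { $item.$name } else { $null }
    }
    $compliant = ($current.RtfFiles -eq $Desired.RtfFiles) -and
                 ($current.OpenInProtectedView -eq $Desired.OpenInProtectedView)

    # Emit one audit record per Office version found.
    [pscustomobject]@{
        OfficeVersion       = $ver
        RtfFiles            = $current.RtfFiles
        OpenInProtectedView = $current.OpenInProtectedView
        RtfBlocked          = $compliant
    }

    # Only change the registry when asked to, and honour -WhatIf / -Confirm.
    if ($Apply -and -not $compliant -and
        $PSCmdlet.ShouldProcess($key, 'Block RTF files in Word')) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $Desired.Keys) {
            New-ItemProperty -Path $key -Name $name -Value $Desired[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}
```

Run without switches to get an audit table; add `-Apply -WhatIf` to see what would change before committing it.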
There’s no word yet on when a patch for the Word vulnerability is expected. Microsoft normally releases software updates on the second Tuesday of each month (a.k.a. “Patch Tuesday”). If Microsoft keeps to that schedule, the earliest patch date for the Word vulnerability would be Tuesday, April 8th.