Microsoft Warns of Office RTF 0-Day Attacks -- Redmondmag.com

Microsoft Warns of Office RTF 0-Day Attacks

It's recommended that IT disable Rich Text Files from being opened through Microsoft Office.

By Chris Paoli
03/25/2014

Microsoft said it is aware of an unpatched vulnerability that is being used in limited attacks against those using Microsoft Word.

The company issued Security Advisory 2953095 on Monday to advise the public on the remote code execution (RCE) flaw that can be leveraged if a malicious Rich Text File (RTF) is either opened in Office 2010 or previewed in Outlook with Word as the designated preview viewer.

Affected versions include Word 2003, 2007, 2010, Office for Mac 2011, Office Web Apps 2010 and Office Web Apps Server 2013. However, Microsoft said the active attacks have only targeted those systems running Word 2010.

The attacks could either come in the form of a harmful e-mail attachment or a Web-based attack in which a malicious RTF file is hosted and downloaded by a user. While Microsoft didn't detail the method actively being used in the wild, it's currently looking into the matter.

"On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," wrote Microsoft.

The vulnerability was first privately disclosed to Microsoft by Drew Hintz, Shane Huntley and Matty Pellegrino of the Google Security Team on Jan. 31.

As Microsoft continues to work on a solution to the zero-day attack vulnerability, either by releasing an out-of-band patch or including it in an upcoming monthly security update, the company detailed a stop-gap in the form of a "fix-it" solution that will disable opening RTF content in Word. It's recommended that network admins either manually disable RTF document viewing or run the fix-it solution, which will automatically disable opening of the file type.

Also, attacks through this flaw can be avoided by those using Microsoft's Enhanced Mitigation Experience Toolkit (EMET). Further, Microsoft recommends making sure all affected software is up to date, firewalls properly configured and antimalware software is installed.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.
Using Microsoft Office to Build a Network Diagram, Part 1

Keeping documentation is a great way to ease your future hardware refresh and have what you need for insurance purposes.