Word under attack: Microsoft

Attackers are exploiting an unpatched vulnerability on Word 2010, according to Microsoft Corp.

The company released an automated tool yesterday which will help protect users of the software until a patch can be issued.

Three members of Google Inc.’s security team reported the Word flaw to Microsoft according to the software maker’s security bulletin. Click here to access the tool.

“An attacker could cause remote code execution if someone was convinced to open a specially-crafted Rick Text Format (RTF) file or a specially-crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer,” Dustin Childs, group manager for Microsoft’s Trustworthy Computing group, wrote in a blog yesterday.

So far attacks appear to be aimed at Word 2010. However, the bulletin said that affected software also includes Word 2003, Word 2007, World 2013, Office for Mac 2011 version of Word and Word 2013 RT for the Windows RT tablet OS.

Since Word is the default editor for Outlook 2007, Outlook 2010 and Outlook 2013 on Windows, attackers can use the flaw to get potential victims to open or preview a malformed message.

Cyber criminals can also carry out drive-by attacks that use vulnerability in Word’s RTF parsing.

Read the whole story


Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web