Hackers hijack Microsoft Word

Software empire Microsoft has warned the world of a remote code execution vulnerability which is being actively exploited in targeted attacks directed at Microsoft Word 2010.

Microsoft explained in the advisory that the vulnerability allows remote code execution if a user opens a specially crafted RTF file using an affected version of Word, or previews or opens an RTF email message in Microsoft Outlook while using Word as the email viewer.

In other words if you see an RTF file coming from someone do not open it. Hard to think who sends RFT files these days, so it is probably a safe bet that you should not open it.

If successfully exploited, an attacker could gain the same user rights as the current user, Microsoft said.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than accounts with administrative privileges, but home users would be toast.

Vole says that people should disable opening RTF content in Microsoft Word, which prevents the exploitation of this issue through Microsoft Word.

“In a web-based attack scenario, an attacker could host a website that contains a webpage that contains a specially crafted RTF file that is used to attempt to exploit this vulnerability”, Microsoft said.

Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability, Microsoft wrote.

“An attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website,” Vole added.

The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer, Microsoft warned. By default, Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.

As an initial workaround until the bug is fixed, Microsoft is providing a Fix it automated tool which uses Office’s file block feature and adds a  few registry keys to prevent opening of RTF files in all Word versions.