Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Word Zero-Day Used in Targeted Attacks

wiredmikey (1824622) writes | about 6 months ago

1

wiredmikey (1824622) writes "Microsoft warned on Monday of a remote code execution vulnerability (CVE-2014-1761) in Microsoft Word that is being actively exploited in targeted attacks directed at Microsoft Word 2010.

If successfully exploited, an attacker could gain the same user rights as the current user, Microsoft said, noting that users whose accounts are configured to have fewer user rights on the system could be less impacted than accounts with administrative privileges.

“The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer,” Microsoft explained in the advisory.

Microsoft did not share any details on the attacks that leveraged the vulnerability, but did credit Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team for reporting it to Microsoft."

Link to Original Source

cancel ×

1 comment

Sorry! There are no comments related to the filter you selected.

Affects more than Word 2010, Including Mac OS (1)

wiredmikey (1824622) | about 6 months ago | (#46569455)

One important piece not included in my original post, is that while the reported attacks are targeting Microsoft Word 2010, other software products affected by the vulnerability include: Microsoft Word 2003, Microsoft Word 2007, Microsoft Word 2013, Microsoft Word Viewer Microsoft Office for Mac 2011. [securityweek.com] Fortunately for Windows systems, according to the Microsoft engineers, tests showed that EMET default configuration can block the exploits seen in the wild.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>