Microsoft has certainly seen its share of security vulnerabilities this year, and the latest threat making the rounds is targeting Word users on Windows systems, the company warned this week.
The new malware is using the popular word-processing application to open an infected rich-text file (RTF) which generates a stack overflow error to trigger the exploit, according to Microsoft Malware Protection Center (MMPC) researcher Rodel Fiones. The activated attack code then downloads and installs a Trojan horse virus on the victim’s computer.
The security hole is present in Microsoft Word versions 2002, 2003, 2007 and 2010 for Windows users only. Though a security update was made available, many unpatched systems still exist, and the MMPC began seeing the first exploits appear “in-the-wild” just last week. Microsoft was fully expecting an attack to occur within 30 days of the patch, however, and had rated the vulnerability as a “1” on their exploitability index.
This Trojan is particularly dangerous, and expected to be a popular target for hackers, because all a victim running Word 2007 or 2010 needs to do is view a malicious RTF in the preview pane of their Outlook email client.
"This is one that requires no user interaction. Once a [malformed] message hits the Outlook preview pane, remote code can be executed. You should patch this right away," Shavlik Technologies data and security team manager Jason Miller said when Microsoft released the patch.
If you’re a Windows and a Microsoft Office user, head over to Windows Update and make sure that all of the applicable security patches have been downloaded and installed on your system.
