Microsoft has reported a vulnerability in Microsoft Word that attackers have been using in “limited, targeted attacks.” The exploit is triggered when someone opens or previews a specially crafted RTF file, whether it arrives as an email attachment, is previewed through Outlook, or is downloaded from a malicious link, and it gives the attacker the same permissions on the device that the logged-in user has. Outlook itself is not affected, but because Word is the default email reader in recent versions of Outlook, simply previewing a crafted RTF message in the reading pane is enough to trigger the exploit and give an attacker a way into a firm’s systems, with no attachment opened and nothing clicked.
Such an attack is potentially devastating for a targeted firm’s data, and it is an example of why we frequently recommend to our clients that they do not give administrative rights to their users. Because the exploit runs with the victim’s privileges, an attacker who lands on an administrative account can install software, create accounts and reach into the rest of the firm’s network, whereas the same attack against a standard user account is far more contained.
The attacks seen so far target Word 2010, but Microsoft lists other versions as susceptible to the same exploit, including Word 2003, Word 2007, Office for Mac 2011, Office Web Apps 2010 and Office Web Apps Server 2013.
Microsoft plans to release a patch either in a regular monthly security update or as an out-of-cycle update. Until then, it recommends applying the “Fix it” solution “Disable opening RTF content in Microsoft Word,” which stops Word from opening RTF files at all (a trade-off: legitimate RTF documents will be refused too until the patch ships and the Fix it is reverted), and its advisory bulletin lists further actions and suggestions. As always, firms should also remind shareholders and staff not to open unexpected attachments or click unknown links in email, bearing in mind that with this vulnerability merely previewing an RTF message in Outlook can be enough.
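For firms that manage many workstations, applying the Fix it by hand on each machine is impractical. The script below is an added example, not part of the original post and not Microsoft’s Fix it package: it sets, verifies or removes the equivalent Office File Block policy for Word 2010 and Word 2013 through the registry. The version keys (14.0 and 15.0), the value names (RtfFiles, OpenInProtectedView) and their meanings are taken from the Office File Block policy as the author understands it; check them against Microsoft’s advisory before deploying.

```powershell
# Added example (not from the original post or Microsoft's Fix it):
# apply, verify or remove a File Block policy that stops Word from opening RTF files.
# Assumptions: Word 2010 (key 14.0) and Word 2013 (key 15.0); value names and meanings
# follow the Office File Block policy as understood by the author. Word 2007 (12.0) uses a
# different key layout and is deliberately not handled here.
# File Block settings are per user, so run this in the context of each affected user.

param(
    [ValidateSet('Apply', 'Verify', 'Remove')]
    [string]$Action = 'Apply'
)

$versions = @('14.0', '15.0')   # Word 2010, Word 2013

foreach ($v in $versions) {
    $key = "HKCU:\Software\Microsoft\Office\$v\Word\Security\FileBlock"

    switch ($Action) {
        'Apply' {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            # RtfFiles = 2 : block RTF for both open and save, so the open policy applies
            # OpenInProtectedView = 0 : do not fall back to Protected View; refuse the file outright
            Set-ItemProperty -Path $key -Name 'RtfFiles' -Value 2 -Type DWord
            Set-ItemProperty -Path $key -Name 'OpenInProtectedView' -Value 0 -Type DWord
        }
        'Remove' {
            # Revert once the patch is installed so legitimate RTF documents open again
            if (Test-Path $key) {
                Remove-ItemProperty -Path $key -Name 'RtfFiles', 'OpenInProtectedView' -ErrorAction SilentlyContinue
            }
        }
    }

    # Always report the effective state, so the change can be confirmed or audited
    if (Test-Path $key) {
        $p = Get-ItemProperty -Path $key
        [pscustomobject]@{ Office = $v; RtfFiles = $p.RtfFiles; OpenInProtectedView = $p.OpenInProtectedView }
    } else {
        [pscustomobject]@{ Office = $v; RtfFiles = $null; OpenInProtectedView = $null }
    }
}
```

Run it as `.\Block-WordRtf.ps1 -Action Apply` on the workstation, then `-Action Verify` to confirm that RtfFiles reads 2 for each installed Word version; a value of 0 or an empty result means the user is still exposed. Because the setting lives under HKCU, a machine with several user profiles needs it applied for each user, and a domain environment is better served by pushing the same File Block setting through the Office Group Policy administrative templates than by a per-user script.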