Zero Day Exploit Targeting Security Hole In Word, Outlook

Microsoft warned today that attackers are exploiting a previously unknown security hole in Microsoft Word that can be used to foist malicious code if users open a specially-crafted text file, or merely preview the message in Microsoft Outlook.

Microsoft explained that the exploits it has seen attacking this vulnerability so far have targeted Word 2010 users, but added that the advisory flaw is also present in Word 2003, 2007, 2013, Word Viewer, and Office for Mac 2011.

Microsoft says it's working on an official fix for the flaw, but that in the meantime affected users can apply a special Fix-It solution that disables the opening of RTF content in Microsoft Word.

https://support.microsoft.com/kb/2953095

http://krebsonsecurity.com/2014/03/microsoft-warns-of-word-2010-exploit/

Thank you.

Jim Furstenberg, IT Security Analyst

Last updated: 04-09-2014