Microsoft zero day affecting Word, Outlook present in preview mode

A new zero-day attack affecting versions of Word and Outlook uses remote code execution to gain user-level rights with a malicious RTF file.

Microsoft kicked off a new work week by announcing that a zero-day exploit affecting version of Word and Outlook has been found in the wild.

In a security advisory released Monday, the Redmond, Wash.-based vendor detailed that the Microsoft zero-day attack uses a rich text format (RTF) file. If opened or previewed in certain versions of Word or Outlook, an attacker could gain the same user rights as the current system user.

To date, the software giant said it has seen "limited targeted attacks" against only Word 2010, but said in its advisory that the issue also exists in Word 2003, 2007, 2013, Word Viewer and Office for Mac 2011.

Microsoft has yet to release a software patch for the affected applications, but it did release a temporary Fix-It workaround that prevents Word from opening RTF files and thus mitigates such an attack.

The company said when the permanent patch is available it may be released as an out-of-cycle patch or as part of its monthly Patch Tuesday release cycle.

Its next scheduled patch release date, April 8, 2014, is the final Patch Tuesday in which Microsoft will make new updates available for Windows XP. Microsoft recommended all XP users upgrade to a newer operating system with better built-in security protections.

Dig deeper on Security patch management and Windows Patch Tuesday news

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close