Microsoft kicked off a new work week by announcing that a zero-day exploit affecting version of Word and Outlook...
has been found in the wild.
In a security advisory released Monday, the Redmond, Wash.-based vendor detailed that the Microsoft zero-day attack uses a rich text format (RTF) file. If opened or previewed in certain versions of Word or Outlook, an attacker could gain the same user rights as the current system user.
To date, the software giant said it has seen "limited targeted attacks" against only Word 2010, but said in its advisory that the issue also exists in Word 2003, 2007, 2013, Word Viewer and Office for Mac 2011.
Microsoft has yet to release a software patch for the affected applications, but it did release a temporary Fix-It workaround that prevents Word from opening RTF files and thus mitigates such an attack.
The company said when the permanent patch is available it may be released as an out-of-cycle patch or as part of its monthly Patch Tuesday release cycle.
Its next scheduled patch release date, April 8, 2014, is the final Patch Tuesday in which Microsoft will make new updates available for Windows XP. Microsoft recommended all XP users upgrade to a newer operating system with better built-in security protections.