Windows 8 and 8.1 Forums


Vulnerability in Microsoft Word Could Allow Remote Code Ex

  1. #1


    Posts : 22,582
    64-bit Windows 10

    Vulnerability in Microsoft Word Could Allow Remote Code Ex


    Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer.

    As part of the security advisory, we have included an easy, one-click Fix it to address the known attack vectors. The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code. Additionally, applying the Fix it does not require a reboot. We encourage all customers using Microsoft Word to apply this Fix it to help protect their systems.

    The Enhanced Mitigation Experience Toolkit (EMET) also helps to defend against this vulnerability when configured to work with Microsoft Office software. If you are using EMET 4.1 with the recommended settings, this configuration is already enabled and no additional steps are required.

    We also encourage you to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. In addition, we encourage everyone to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders. More information can be found at www.microsoft.com/protect.

    We continue to work on a security update to address this issue. We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect our global customers.

    Thank you,
    Dustin Childs
    Group Manager, Response Communications
    Trustworthy Computing
    Source: Microsoft Releases Security Advisory 2953095 - MSRC - Site Home - TechNet Blogs


    See also: Microsoft Security Advisory (2953095): Vulnerability in Microsoft Word Could Allow Remote Code Execution

      My System SpecsSystem Spec

  2. #2

    Microsoft Discovers Word Security Flaw, Issues Fix-It Patc


    Microsoft today confirmed that Word 2010 is affected by a critical security flaw that would allow an attacker to remotely execute code and thus get privileges that would allow him to compromise user data.

    The exploit is possible with the help of a malicious RTF document or a Microsoft Outlook email file, the company said in an advisory released today. A number of attacks have already been discovered, Microsoft says, so the company rolled out a Fix-It patch that would help users tweak their computers to make sure that they’re fully protected of any incoming attacks.
    More
      My System SpecsSystem Spec

  3. #3



    I am Woman! Hear Me Roar!
    NJ
    Posts : 1,116
    4 Windows 7 Pro Sp1- 4 Win 8 Pro, 1- xp pro sp3


    has anyone here applied the fixit tool?
      My System SpecsSystem Spec

  4. #4
      My System SpecsSystem Spec

  5. #5



    I am Woman! Hear Me Roar!
    NJ
    Posts : 1,116
    4 Windows 7 Pro Sp1- 4 Win 8 Pro, 1- xp pro sp3


    seems like Microsoft is going to put it this months Patch Tuesday
      My System SpecsSystem Spec

  6. #6


    Bay Area
    Posts : 21,841
    Windows 7 Home Premium x64


    Quote Originally Posted by robinb9 View Post
    has anyone here applied the fixit tool?
    I was about to, but then saw if you have EMET 4.1 configured for Office it wasn't necessary

    A Guy
      My System SpecsSystem Spec

Vulnerability in Microsoft Word Could Allow Remote Code Ex
Related Threads
Serious vulnerability in Microsoft’s anti-malware engine​Yesterday, Microsoft released a security advisory informing customers about a vulnerability in the Microsoft Malware Protection Engine, which is found in several products including Windows Defender, Microsoft Security Essentials, and...
Source: Microsoft Security Advisory (2896666): Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
Source: Microsoft Security Advisory (2887505): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Microsoft Ignores Windows Vulnerability Found by Google Engineer
Microsoft Security Advisory (2847140) Read more at source: Microsoft Security Advisory (2847140): Vulnerability in Internet Explorer Could Allow Remote Code Execution For more info about the Suggested Actions, see also:
Read more at source: Microsoft Security Advisory (2794220): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Eight Forums Android App Eight Forums IOS App Follow us on Facebook