Vulnerability in Microsoft Word Could Allow Remote Code Ex

Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer.

As part of the security advisory, we have included an easy, one-click Fix it to address the known attack vectors. The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code. Additionally, applying the Fix it does not require a reboot. We encourage all customers using Microsoft Word to apply this Fix it to help protect their systems.

The Enhanced Mitigation Experience Toolkit (EMET) also helps to defend against this vulnerability when configured to work with Microsoft Office software. If you are using EMET 4.1 with the recommended settings, this configuration is already enabled and no additional steps are required.

We also encourage you to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. In addition, we encourage everyone to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders. More information can be found at www.microsoft.com/protect.

We continue to work on a security update to address this issue. We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect our global customers.

Thank you,
Dustin Childs
Group Manager, Response Communications
Trustworthy Computing

Source: Microsoft Releases Security Advisory 2953095 - MSRC - Site Home - TechNet Blogs


See also: Microsoft Security Advisory (2953095): Vulnerability in Microsoft Word Could Allow Remote Code Execution
 
Microsoft Discovers Word Security Flaw, Issues Fix-It Patc

Microsoft today confirmed that Word 2010 is affected by a critical security flaw that would allow an attacker to remotely execute code and thus get privileges that would allow him to compromise user data.

The exploit is possible with the help of a malicious RTF document or a Microsoft Outlook email file, the company said in an advisory released today. A number of attacks have already been discovered, Microsoft says, so the company rolled out a Fix-It patch that would help users tweak their computers to make sure that they’re fully protected from any incoming attacks.

has anyone here applied the fixit tool?
 

Seems like Microsoft is going to put it in this month's Patch Tuesday.
 

has anyone here applied the fixit tool?

I was about to, but then saw if you have EMET 4.1 configured for Office it wasn't necessary ;)

A Guy
 
