Qualys CTO Wolfgang Kandek revealed the attack in a blog post, warning businesses that a successful attack could grant hackers remote access to their systems.
"The vulnerability CVE-2014-1761 is in the file format parser for RTF (Rich Text Format) and could be used by an attacker to gain remote access to the targeted system. The attack vector is a document in RTF format that the victim would have to open with Word," read the post.
"If the target uses Outlook 2007, 2010 or 2013 for email, please be aware that Word is the default viewer for emails, and that even looking at the email in the preview pane could lead to an infection through this attack."
Kandek said the vulnerability is particularly troubling as it affects Apple Mac systems running Microsoft Office for the Mac 201 as well as Windows systems.
Microsoft has since released an emergency workaround for the vulnerability on its TechNet blog.
"Today, Microsoft released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010," read the advisory.
"To facilitate deployment of the first workaround, we are providing a Fix it automated tool. The fix uses Office's file block feature and adds few registry keys to prevent opening of RTF files in all Word versions."
Kandek praised Microsoft for its rapid response, confirming that the temporary fix does effectively mitigate the exploit. "It seems that EMET ASLR enforcements efficiently counters the exploit. Good stuff," he said.
The Word and Outlook attack is one of many advanced threats uncovered targeting Microsoft services in recent months. Microsoft was forced to release an emergency fix for a vulnerability in Internet Explorer known to have been targeted by hackers earlier in March.
No comments:
Post a Comment