Microsoft Word under attack. Don't open RTF files!

[Deozaan]

Hide yo wives! Hide yo kids! And hide yo husbands, cuz they RTFing errybody out here!

Microsoft Corp. on Monday issued an emergency security warning saying that hackers have found a way to booby-trap certain common Word files with the .rtf extension.

Microsoft says it's aware of attacks going on now, but there's no fix yet to stop the hackers. It's working on a way to stop the bug.

The only way to be sure your computer won't get infected is not to open a document with the .rtf file extension until Microsoft says it's fine to do so.

-http://www.businessinsider.com/hackers-are-attacking-microsoft-word-2014-3

Read more here:

http://www.businessi...icrosoft-word-2014-3

The Business Insider article seems to imply the attacks are for all editions of Microsoft Word, but the actual security advisory says the exploit only works in versions before Word 2010:

At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010.

[...]

We were glad to see in our tests that this exploit fails (resulting in a crash) on machines running Word 2013, due to the ASLR enforcement introduced for this product.

-http://blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx

So be sure to read the actual security advisory posted by Microsoft here to get the actual info:

http://technet.micro...ity/advisory/2953095

[Stoic Joker]

I'll save you some time reading:

Affected Software

Microsoft Word 2003 Service Pack 3
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 1 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 1 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 (32-bit editions)
Microsoft Word 2013 (64-bit editions)
Microsoft Word 2013 RT
Microsoft Word Viewer
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office for Mac 2011
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 1
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Word Automation Services on Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013

-Microsoft

Jesus! Mac too! ...Way to share the love MS (idiots..).

Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).

[40hz]

Ya know...if they could just let wordprocessors process text, and email readers just read email, and not web-enable or otherwise implement all these ancillary capabilities into them...things might become less risky. Seriously, why does everything have to behave like a portal these days?
 

[Stoic Joker]

Ya know...if they could just let wordprocessors process text, and email readers just read email, and not web-enable or otherwise implement all these ancillary capabilities into them...things might become less risky. Seriously, why does everything have to behave like a portal these days?
 

-40hz (March 25, 2014, 05:25 PM)

Damn Straight and Amen to that.

[Deozaan]

Seriously, why does everything have to behave like a portal these days?

-40hz (March 25, 2014, 05:25 PM)

For science! And cake!

[40hz]

Seriously, why does everything have to behave like a portal these days?

-40hz (March 25, 2014, 05:25 PM)

For science! And cake!

-Deozaan (March 25, 2014, 06:58 PM)

Microsoft Office!
It works like it does because our plan
For our precious bottom line
Requires we move you online...

So it's no use crying that it's all a mistake
We'll just keep on trying, and we'll tell you "Eat cake!"
While the meters run
'neath the brave new sun
Of a world where cloud service firms thrive...

[Deozaan]

Bravo!

[x16wda]

^ Heehee!

[wraith808]

[superboyac]

Seriously, why does everything have to behave like a portal these days?

-40hz (March 25, 2014, 05:25 PM)

For science! And cake!

-Deozaan (March 25, 2014, 06:58 PM)

Microsoft Office!
It works like it does because our plan
For our precious bottom line
Requires we move you online...

So it's no use crying that it's all a mistake
We'll just keep on trying, and we'll tell you "Eat cake!"
While the meters run
'neath the brave new sun
Of a world where cloud service firms thrive...

-40hz (March 25, 2014, 07:32 PM)

hey!  it rhymes!
 

[TaoPhoenix]

Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).

-Stoic Joker (March 25, 2014, 05:15 PM)

Or LibreOffice/Notepad2/KingsoftWriter/other?

I only use rtf files when I am being utterly lazy because plain txt doesn't want to capture fonts. The rest of the time I guess I use 2003 style .doc (LibreOffice I am looking at you, quit burying it in the settings!)

In a silly other note it's amusing no one has yet (that I know of) made a Botnet Detector game.
"Your machine has been Pwned. What do you want to do?

A. Send 1.6 million emails
B. Participate in a DDOS
C. Play Minefield like it is 1997
"

[Stoic Joker]

Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).

-Stoic Joker (March 25, 2014, 05:15 PM)

Or LibreOffice/Notepad2/KingsoftWriter/other?

-TaoPhoenix (March 25, 2014, 09:20 PM)

True, but I'm looking at/for something that is lite, fast, and native. WordPad is already there by default and quick enough, which is why I use it and .rtf for all the server documentation on our cloud system ... As there is no way in hell I'm installing Office on any of the host servers.

[apankrat]

Public service announcement

If you have to use Word or open RTF emails in Outlook, install EMET and enable it for both apps. In fact, it's generally not a bad idea to keep EMET enabled for your email client, your browser and the flash player *at all times*. Doing so plugs quite a few attack vectors and helps mitigating zero-days.

[40hz]

As there is no way in hell I'm installing Office on any of the host servers.

-Stoic Joker (March 25, 2014, 10:21 PM)

  I sure hope not!  In any IT department worthy of the name, doing so would be an awfully creative way to "tender one's resignation" wouldn't it?

[Shades]

Ooops. Then I am in trouble.

In my defense: I need to send and receive encrypted mail in 3rd party software for (very) specific B2B traffic. This is actually the law in the Netherlands (participants in this traffic have to comply, else they can expect heavy fines or even exclusion which means bankruptcy).

Unfortunately that requires extended MAPI(this is by Microsoft design) which is only supported in Outlook, which requires me to do a (partial) Office installation on a server.

But I do recognize the irony in this. To be able to communicate securely I need to install software known to be insecure and destabilizing a Windows installation.

[40hz]

Unfortunately that requires extended MAPI(this is by Microsoft design) which is only supported in Outlook, which requires me to do a (partial) Office installation on a server.

But I do recognize the irony in this. To be able to communicate securely I need to install software known to be insecure and destabilizing a Windows installation.

-Shades (March 26, 2014, 01:58 PM)

Good lord! And here I thought the Dutch were way ahead of us when it came to saying "NO" to this sort of nonsense...

[Vurbal]

Unfortunately that requires extended MAPI(this is by Microsoft design) which is only supported in Outlook, which requires me to do a (partial) Office installation on a server.

But I do recognize the irony in this. To be able to communicate securely I need to install software known to be insecure and destabilizing a Windows installation.

-Shades (March 26, 2014, 01:58 PM)

Good lord! And here I thought the Dutch were way ahead of us when it came to saying "NO" to this sort of nonsense...

-40hz (March 26, 2014, 02:36 PM)

Maybe that's the problem. Perhaps their bureaucrats felt the country was falling behind in the important metric of impossible demands on IT. They could just be hoping to catch up to the rest of the world.