Main Area and Open Discussion > General Software Discussion
Microsoft Word under attack. Don't open RTF files!
Deozaan:
Hide yo wives! Hide yo kids! And hide yo husbands, cuz they RTFing errybody out here!
Microsoft Corp. on Monday issued an emergency security warning saying that hackers have found a way to booby-trap certain common Word files with the .rtf extension.
Microsoft says it's aware of attacks going on now, but there's no fix yet to stop the hackers. It's working on a way to stop the bug.
The only way to be sure your computer won't get infected is not to open a document with the .rtf file extension until Microsoft says it's fine to do so.-http://www.businessinsider.com/hackers-are-attacking-microsoft-word-2014-3
--- End quote ---
Read more here:
http://www.businessinsider.com/hackers-are-attacking-microsoft-word-2014-3
The Business Insider article seems to imply the attacks are for all editions of Microsoft Word, but the actual security advisory says the exploit only works in versions before Word 2010:
At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010.
[...]
We were glad to see in our tests that this exploit fails (resulting in a crash) on machines running Word 2013, due to the ASLR enforcement introduced for this product.-http://blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx
--- End quote ---
So be sure to read the actual security advisory posted by Microsoft here to get the actual info:
http://technet.microsoft.com/en-us/security/advisory/2953095
Stoic Joker:
I'll save you some time reading:
Affected Software
Microsoft Word 2003 Service Pack 3
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 1 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 1 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 (32-bit editions)
Microsoft Word 2013 (64-bit editions)
Microsoft Word 2013 RT
Microsoft Word Viewer
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office for Mac 2011
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 1
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Word Automation Services on Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013
-Microsoft
--- End quote ---
Jesus! Mac too! ...Way to share the love MS (idiots..).
Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).
40hz:
Ya know...if they could just let wordprocessors process text, and email readers just read email, and not web-enable or otherwise implement all these ancillary capabilities into them...things might become less risky. Seriously, why does everything have to behave like a portal these days?
:-\
Stoic Joker:
Ya know...if they could just let wordprocessors process text, and email readers just read email, and not web-enable or otherwise implement all these ancillary capabilities into them...things might become less risky. Seriously, why does everything have to behave like a portal these days?
:-\
-40hz (March 25, 2014, 05:25 PM)
--- End quote ---
Damn Straight and Amen to that. :Thmbsup:
Deozaan:
Seriously, why does everything have to behave like a portal these days?-40hz (March 25, 2014, 05:25 PM)
--- End quote ---
For science! And cake!
Navigation
[0] Message Index
[#] Next page
Go to full version