topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 4:51 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Microsoft Word under attack. Don't open RTF files!  (Read 12079 times)

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,746
    • View Profile
    • Read more about this member.
    • Donate to Member
Microsoft Word under attack. Don't open RTF files!
« on: March 25, 2014, 03:23 PM »
Hide yo wives! Hide yo kids! And hide yo husbands, cuz they RTFing errybody out here!

Microsoft Corp. on Monday issued an emergency security warning saying that hackers have found a way to booby-trap certain common Word files with the .rtf extension.

Microsoft says it's aware of attacks going on now, but there's no fix yet to stop the hackers. It's working on a way to stop the bug.

The only way to be sure your computer won't get infected is not to open a document with the .rtf file extension until Microsoft says it's fine to do so.

Read more here:

http://www.businessi...icrosoft-word-2014-3

The Business Insider article seems to imply the attacks are for all editions of Microsoft Word, but the actual security advisory says the exploit only works in versions before Word 2010:

At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010.

[...]

We were glad to see in our tests that this exploit fails (resulting in a crash) on machines running Word 2013, due to the ASLR enforcement introduced for this product.

So be sure to read the actual security advisory posted by Microsoft here to get the actual info:

http://technet.micro...ity/advisory/2953095
« Last Edit: March 25, 2014, 03:30 PM by Deozaan »

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #1 on: March 25, 2014, 05:15 PM »
I'll save you some time reading:

Affected Software

Microsoft Word 2003 Service Pack 3
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 1 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 1 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 (32-bit editions)
Microsoft Word 2013 (64-bit editions)
Microsoft Word 2013 RT
Microsoft Word Viewer
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office for Mac 2011
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 1
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Word Automation Services on Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013
-Microsoft

Jesus! Mac too! ...Way to share the love MS (idiots..).

Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #2 on: March 25, 2014, 05:25 PM »
Ya know...if they could just let wordprocessors process text, and email readers just read email, and not web-enable or otherwise implement all these ancillary capabilities into them...things might become less risky. Seriously, why does everything have to behave like a portal these days?
 :-\

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #3 on: March 25, 2014, 06:56 PM »
Ya know...if they could just let wordprocessors process text, and email readers just read email, and not web-enable or otherwise implement all these ancillary capabilities into them...things might become less risky. Seriously, why does everything have to behave like a portal these days?
 :-\

Damn Straight and Amen to that. :Thmbsup:

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,746
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #4 on: March 25, 2014, 06:58 PM »
Seriously, why does everything have to behave like a portal these days?

For science! And cake!

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #5 on: March 25, 2014, 07:32 PM »
Seriously, why does everything have to behave like a portal these days?

For science! And cake!

Microsoft Office!
It works like it does because our plan
For our precious bottom line
Requires we move you online...

So it's no use crying that it's all a mistake
We'll just keep on trying, and we'll tell you "Eat cake!"
While the meters run
'neath the brave new sun
Of a world where cloud service firms thrive...

« Last Edit: March 25, 2014, 07:38 PM by 40hz »

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,746
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #6 on: March 25, 2014, 07:49 PM »
Bravo! :greenclp: :lol:

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 888
  • what am I doing in this handbasket?
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #7 on: March 25, 2014, 07:51 PM »
^ Heehee!
vi vi vi - editor of the beast

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #8 on: March 25, 2014, 08:50 PM »

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #9 on: March 25, 2014, 09:19 PM »
Seriously, why does everything have to behave like a portal these days?

For science! And cake!

Microsoft Office!
It works like it does because our plan
For our precious bottom line
Requires we move you online...

So it's no use crying that it's all a mistake
We'll just keep on trying, and we'll tell you "Eat cake!"
While the meters run
'neath the brave new sun
Of a world where cloud service firms thrive...
hey!  it rhymes!
 ;D

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #10 on: March 25, 2014, 09:20 PM »
Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).

Or LibreOffice/Notepad2/KingsoftWriter/other?

I only use rtf files when I am being utterly lazy because plain txt doesn't want to capture fonts. The rest of the time I guess I use 2003 style .doc (LibreOffice I am looking at you, quit burying it in the settings!)

In a silly other note it's amusing no one has yet (that I know of) made a Botnet Detector game.
"Your machine has been Pwned. What do you want to do?

A. Send 1.6 million emails
B. Participate in a DDOS
C. Play Minefield like it is 1997
"

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #11 on: March 25, 2014, 10:21 PM »
Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).

Or LibreOffice/Notepad2/KingsoftWriter/other?

True, but I'm looking at/for something that is lite, fast, and native. WordPad is already there by default and quick enough, which is why I use it and .rtf for all the server documentation on our cloud system ... As there is no way in hell I'm installing Office on any of the host servers. :)

apankrat

  • Supporting Member
  • Joined in 2010
  • **
  • Posts: 155
    • View Profile
    • swapped.cc
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #12 on: March 26, 2014, 07:18 AM »
Public service announcement

If you have to use Word or open RTF emails in Outlook, install EMET and enable it for both apps. In fact, it's generally not a bad idea to keep EMET enabled for your email client, your browser and the flash player *at all times*. Doing so plugs quite a few attack vectors and helps mitigating zero-days.
Alex

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #13 on: March 26, 2014, 11:12 AM »
As there is no way in hell I'm installing Office on any of the host servers.

 ;D I sure hope not!  In any IT department worthy of the name, doing so would be an awfully creative way to "tender one's resignation" wouldn't it? 8)

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #14 on: March 26, 2014, 01:58 PM »
Ooops. Then I am in trouble.

In my defense: I need to send and receive encrypted mail in 3rd party software for (very) specific B2B traffic. This is actually the law in the Netherlands (participants in this traffic have to comply, else they can expect heavy fines or even exclusion which means bankruptcy).

Unfortunately that requires extended MAPI(this is by Microsoft design) which is only supported in Outlook, which requires me to do a (partial) Office installation on a server.

But I do recognize the irony in this. To be able to communicate securely I need to install software known to be insecure and destabilizing a Windows installation.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #15 on: March 26, 2014, 02:36 PM »
Unfortunately that requires extended MAPI(this is by Microsoft design) which is only supported in Outlook, which requires me to do a (partial) Office installation on a server.

But I do recognize the irony in this. To be able to communicate securely I need to install software known to be insecure and destabilizing a Windows installation.

Good lord! And here I thought the Dutch were way ahead of us when it came to saying "NO" to this sort of nonsense... :-\

Vurbal

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 653
  • Mostly harmless
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Microsoft Word under attack. Don't open RTF files!
« Reply #16 on: March 26, 2014, 09:40 PM »
Unfortunately that requires extended MAPI(this is by Microsoft design) which is only supported in Outlook, which requires me to do a (partial) Office installation on a server.

But I do recognize the irony in this. To be able to communicate securely I need to install software known to be insecure and destabilizing a Windows installation.

Good lord! And here I thought the Dutch were way ahead of us when it came to saying "NO" to this sort of nonsense... :-\

Maybe that's the problem. Perhaps their bureaucrats felt the country was falling behind in the important metric of impossible demands on IT. They could just be hoping to catch up to the rest of the world.
I learned to say the pledge of allegiance
Before they beat me bloody down at the station
They haven't got a word out of me since
I got a billion years probation
- The MC5

Follow the path of the unsafe, independent thinker. Expose your ideas to the danger of controversy. Speak your mind and fear less the label of ''crackpot'' than the stigma of conformity.
- Thomas J. Watson, Sr

It's not rocket surgery.
- Me


I recommend reading through my Bio before responding to any of my posts. It could save both of us a lot of time and frustration.