Slashdot Mirror


Microsoft Word Zero-Day Used In Targeted Attacks

wiredmikey (1824622) writes "Microsoft warned on Monday of a remote code execution vulnerability (CVE-2014-1761) in Microsoft Word 2010 that is being actively exploited in targeted attacks. If successfully exploited, an attacker could gain the same user rights as the current user, Microsoft said, noting that users whose accounts are configured to have fewer user rights on the system could be less impacted than accounts with administrative privileges. 'The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer,' Microsoft explained. Microsoft did not share any details on the attacks that leveraged the vulnerability, but did credit Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team for reporting it to Microsoft."

18 of 88 comments

  1. Wasn't RTF supposed to be minimalistic and simple? by skids · · Score: 4, Insightful

    Last time I looked RTF (decade or so ago) was a pretty bare-bones least-common-denominator document markup specification.

  2. The question......... by Anonymous Coward · · Score: 2, Funny

    RTF?!

    1. Re: The question......... by Anonymous Coward · · Score: 5, Funny

      RTFA

  3. Re:Wasn't RTF supposed to be minimalistic and simp by Anonymous Coward · · Score: 3, Informative

    > Wasn't RTF supposed to be minimalistic and simple?

    RTF is. Word isn't.

    Word is bloated, cumbersome and buggy.

  4. this should never have happened by chromaexcursion · · Score: 4, Informative

    A simple protocol, no need for system access.
    Oh well, MS seems to have found a way to screw that up.

    Maybe Bill should pay to fix it ...

    1. Re:this should never have happened by Anonymous Coward · · Score: 2, Insightful

      Word processing was a solved problem in 1997, but Microsoft still has to continuously "upgrade" their software to be able to sell it again. They are out of good ideas, so they end up implementing bad ideas like adding system access to a simple protocol.

    2. Re:this should never have happened by Viol8 · · Score: 2

      "Huh, if only... Unless you mean smart-typewriter-level functionality."

      You're joking, right? Were you born then or something? I managed to right a dissertation on MacWrite back in 93 without ever once thinking it needed more functionality.

    3. Re:this should never have happened by marsu_k · · Score: 4, Funny

      > I managed to right a dissertation on MacWrite back in 93 without ever once thinking it needed more functionality.

      I'm guessing it didn't include a spell checker?

    4. Re:this should never have happened by inasity_rules · · Score: 3, Funny

      No, his dissertation had obviously been overturned, and using MacWrite, he was able to right it. :D

      --
      I have determined that my sig is indeterminate.

  5. The best thing about standards is by invictusvoyd · · Score: 2

    There are so many of them to choose from

  6. Is LibreOffice vulnerable to the same exploit? by mmell · · Score: 4, Insightful

    No? Okay, later.

    1. Re:Is LibreOffice vulnerable to the same exploit? by RoLi · · Score: 5, Informative

      Probably the MS-fans will think that's a problem, because LibreOffice is not "compatible".

      In fact the very fact that LibreOffice is an independent implementation of the file formats is a big advantage, because it is much more robust - When you reverse-engineer something you usually cover all possibilities (of a variable, etc.) - this is also the reason why you can often open corrupted .doc files with LibreOffice.

  7. Re:Zero Day emacs flaw... by Anonymous Coward · · Score: 3, Funny

    A lisp virus is the same as a regular virus, except that you pronounce it Lithp Viruth.

  8. Whew, dodged a bullet there! by fuzzyfuzzyfungus · · Score: 2

    Privilege escalation is always worse than 'execute with same privileges as user'; but for primarily-end-user software the distinction seems a great deal less helpful (unlike, say, on the server, where attacks isolated to one service account or daemon are legitimately less dangerous). Joe User's security context has access to more or less his entire life in documents and ill-secured website passwords, and enough permission to plant something that will start when he next logs in in a zillion different places that he isn't likely to notice (details will vary by OS; but the only real exception would be the control-freakier mobile ones). So Joe User is screwed at either privilege level, and, from the perspective of fixing the system, conclusively proving that only user-level access was gained and the system is still secure (much less attempting to fix it if it isn't) is so much more time consuming than just nuking it and applying a fresh image that you'd only try in order to get samples of the attacker, not because it's worth the trouble on its own.

  9. Re:Block all .RTF attachments by fuzzyfuzzyfungus · · Score: 3, Interesting

    I'm pretty sure nobody would notice or care.

    The one trick (comparatively rare; but it happens at times) is that if you take an RTF document and give it a .doc suffix, Word will interact with it happily enough and I think even save it in the RTF format if you modify-and-save.

    This means that if you block by suffix, a remotely clueful attacker will just fix their suffix and carry on; but if you block by format a small and fairly unpredictable subset of '.doc' files will be weeded out for reasons users will be unlikely to grasp.

    This would hardly make it the most painful thing routinely inflicted on users in the name of security; but it isn't a plus.
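
The suffix-versus-format trade-off in the comment above, as an added example that is not part of the thread: a mail filter that classifies attachments by their leading bytes and records why a file was blocked. The function names, the policy, the short `{\rt` prefix match and the sample attachments are assumptions constructed for illustration.

```python
import os

# Leading bytes that identify the real container format.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy binary .doc
ZIP_MAGIC = b"PK\x03\x04"                        # .docx (OOXML)
RTF_MAGIC = b"{\\rt"   # assumption: match the short prefix so a header
                       # that is not exactly "{\rtf1" is still caught
BOM = b"\xef\xbb\xbf"

def sniff_format(data: bytes) -> str:
    """Classify an attachment by content, ignoring its file name."""
    head = data[:64]
    if head.startswith(BOM):
        head = head[len(BOM):]
    head = head.lstrip(b" \t\r\n")
    if head.startswith(RTF_MAGIC):
        return "rtf"
    if head.startswith(OLE_MAGIC):
        return "ole-doc"
    if head.startswith(ZIP_MAGIC):
        return "zip-ooxml"
    return "unknown"

def filter_decision(filename: str, data: bytes) -> tuple[str, str]:
    """Return (action, reason) for a policy that blocks RTF by format."""
    ext = os.path.splitext(filename)[1].lower()
    fmt = sniff_format(data)
    if fmt == "rtf":
        if ext == ".rtf":
            return ("block", "RTF content")
        return ("block", f"RTF content behind {ext or 'no'} suffix")
    return ("allow", f"{fmt} content")

# Constructed sample attachments (not real documents).
SAMPLES = {
    "notes.rtf": b"{\\rtf1\\ansi Hello}",
    "report.doc": b"{\\rtf1\\ansi Renamed RTF}",
    "legacy.doc": OLE_MAGIC + b"\x00" * 24,
    "memo.docx": ZIP_MAGIC + b"[Content_Types].xml",
    "padded.doc": b"\r\n {\\rt\\ansi short header}",
}

def run_samples() -> dict:
    return {name: filter_decision(name, body) for name, body in SAMPLES.items()}

if __name__ == "__main__":
    for name, (action, reason) in run_samples().items():
        print(f"{name:12} {action:6} {reason}")
```

Surfacing the reason string in the quarantine notice is what lets a help desk explain why one particular '.doc' was weeded out while others passed.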

  10. Re:Wasn't RTF supposed to be minimalistic and simp by fuzzyfuzzyfungus · · Score: 3, Insightful

    Plus OLE support. Quite a powerful capability; but one of those powerful capabilities best handled carefully, kept away from direct sunlight, protected from shocks, and otherwise treated as though it is just waiting to ruin your day.

  11. Re:Wasn't RTF supposed to be minimalistic and simp by symbolset · · Score: 2

    You have been able to embed OLE objects since 1992.

    --
    Help stamp out iliturcy.

  12. Most security professionals consider MS the bar by walterbyrd · · Score: 2

    > "Most security professionals consider Microsoft the bar every other vendor should strive to meet."

    Computerworld said it, so it must be true.

    http://www.computerworld.com/s/article/9246837/Perspective_Microsoft_risks_security_reputation_ruin_by_retiring_XP?pageNumber=2