The vulnerability uses .RTF files opened in Microsoft Word or previewed in Microsoft Outlook using the MS Word previewer. Once the file is opened or previewed, attackers can gain remote access of your machine, to monitor activity, steal files, or execute malicious code.
To avoid this zero day threat:
- Do not open or preview .RTF email attachments from strangers.
- Do not download .RTF files from suspicious websites.
- Consider implementing Microsoft’s temporary Fix-It workaround to disable MS Word from opening .RTF files entirely.
For enhanced protection against this and future emailed threats, also consider changing your Outlook settings to read all standard mail in plain text. This setting prevents the automatic execution of emailed HTML and .RTF malware.
Emsisoft Anti-Malware’s Behavior Blocking Technology automatically protects users from this zero-day threat.
Additional Information
Microsoft writes that this zero day (CVE-2014-1761) was discovered in “limited, targeted attacks directed at Microsoft Word 2010.” However, further investigation has revealed that the vulnerability also exists in the following versions:
- Word 2003
- Word 2007
- Word 2013
- Word Viewer
Microsoft Outlook 2007, 2010, and 2013 are also particularly vulnerable, as they use MS Word as their default .RTF attachment previewer. Microsoft Outlook 2003 may also be vulnerable, if it is using MS Word as its .RTF attachment previewer (however this is not the default setting).
Advanced users may find more information on this latest zero day exploit in Microsoft’s official Security Advisory: https://technet.microsoft.com/en-us/security/advisory/2953095
Emsisoft Enterprise Security + EDR
Robust and proven endpoint security solution for organizations of all sizes. Start free trialHave a Great (Malware-Free) Day!