• Home
  • Apps
  • Apps News
  • Microsoft Word Critical Zero Day Vulnerability Fixed With Tuesday Patch

Microsoft Word Critical Zero-Day Vulnerability Fixed With Tuesday Patch

Microsoft Word Critical Zero-Day Vulnerability Fixed With Tuesday Patch
Highlights
  • Microsoft's fix comes just days after the bug came to light
  • The zero-day vulnerability affects all versions of Microsoft Word
  • The fix is a part of the regular Tuesday patch that Microsoft rolls out
Advertisement

Microsoft has rolled out a fix for the zero-day vulnerability in its Word productivity app that came to light a few days ago, when revealed by McAfee. This new zero-day exploit works on all Microsoft Office versions, including the latest Office 2016 running on Windows 10, and we recommend all users to download the fix.

The fix is a part of the regular Tuesday patch that Microsoft rolls out, and the company's quick response proves how critical the bug was - in fact, it had been actively exploited, with a fresh report by Proofpoint of more exploits coming in as well.

In its advisory, Microsoft notes, "A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by correcting the way that Microsoft Office and WordPad parses specially crafted files, and by enabling API functionality in Windows that Microsoft Office and WordPad will leverage to resolve the identified issue."

As we mentioned, McAfee first highlighted the exploit, and in its research report, it said that it discovered the exploit in action in late January. The samples collected by the team saw the exploit organised as Word files (more specially, RTF files with ".doc" extension name). All the user requires to do is open or preview the specially crafted file with an affected version of Microsoft Office or WordPad.

In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and then convincing the user to open the file, Microsoft notes. We also recommend users to observe caution before opening Word files from untrusted sources.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Instagram Direct Revamped, Combines Disappearing and Permanent Messages
Snapdeal Said to Dole Out Up to 15 Percent Pay Hike Amid Sell-Off Buzz
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »