Microsoft Word Critical Zero-Day Vulnerability Fixed With Tuesday Patch

 
Share on Facebook Tweet Share Share Reddit
Microsoft Word Critical Zero-Day Vulnerability Fixed With Tuesday Patch

Highlights

  • Microsoft's fix comes just days after the bug came to light
  • The zero-day vulnerability affects all versions of Microsoft Word
  • The fix is a part of the regular Tuesday patch that Microsoft rolls out

Microsoft has rolled out a fix for the zero-day vulnerability in its Word productivity app that came to light a few days ago, when revealed by McAfee. This new zero-day exploit works on all Microsoft Office versions, including the latest Office 2016 running on Windows 10, and we recommend all users to download the fix.

The fix is a part of the regular Tuesday patch that Microsoft rolls out, and the company's quick response proves how critical the bug was - in fact, it had been actively exploited, with a fresh report by Proofpoint of more exploits coming in as well.

In its advisory, Microsoft notes, "A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by correcting the way that Microsoft Office and WordPad parses specially crafted files, and by enabling API functionality in Windows that Microsoft Office and WordPad will leverage to resolve the identified issue."

As we mentioned, McAfee first highlighted the exploit, and in its research report, it said that it discovered the exploit in action in late January. The samples collected by the team saw the exploit organised as Word files (more specially, RTF files with ".doc" extension name). All the user requires to do is open or preview the specially crafted file with an affected version of Microsoft Office or WordPad.

In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and then convincing the user to open the file, Microsoft notes. We also recommend users to observe caution before opening Word files from untrusted sources.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Tasneem Akolawala

When not expelling tech wisdom, Tasneem feeds on good stories that strike on all those emotional chords. She loves road trips, a good laugh, and interesting people. ... More

Instagram Direct Revamped, Combines Disappearing and Permanent Messages
Snapdeal Said to Dole Out Up to 15 Percent Pay Hike Amid Sell-Off Buzz
 
 

Advertisement