• Home
  • Apps
  • Apps News
  • Microsoft Word Critical Zero Day Vulnerability Fixed With Tuesday Patch

Microsoft Word Critical Zero-Day Vulnerability Fixed With Tuesday Patch

Share on Facebook Tweet Snapchat Share Reddit Comment
Microsoft Word Critical Zero-Day Vulnerability Fixed With Tuesday Patch
Highlights
  • Microsoft's fix comes just days after the bug came to light
  • The zero-day vulnerability affects all versions of Microsoft Word
  • The fix is a part of the regular Tuesday patch that Microsoft rolls out

Microsoft has rolled out a fix for the zero-day vulnerability in its Word productivity app that came to light a few days ago, when revealed by McAfee. This new zero-day exploit works on all Microsoft Office versions, including the latest Office 2016 running on Windows 10, and we recommend all users to download the fix.

The fix is a part of the regular Tuesday patch that Microsoft rolls out, and the company's quick response proves how critical the bug was - in fact, it had been actively exploited, with a fresh report by Proofpoint of more exploits coming in as well.

In its advisory, Microsoft notes, "A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by correcting the way that Microsoft Office and WordPad parses specially crafted files, and by enabling API functionality in Windows that Microsoft Office and WordPad will leverage to resolve the identified issue."

As we mentioned, McAfee first highlighted the exploit, and in its research report, it said that it discovered the exploit in action in late January. The samples collected by the team saw the exploit organised as Word files (more specially, RTF files with ".doc" extension name). All the user requires to do is open or preview the specially crafted file with an affected version of Microsoft Office or WordPad.

In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and then convincing the user to open the file, Microsoft notes. We also recommend users to observe caution before opening Word files from untrusted sources.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Tasneem Akolawala Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
Instagram Direct Revamped, Combines Disappearing and Permanent Messages
Snapdeal Said to Dole Out Up to 15 Percent Pay Hike Amid Sell-Off Buzz

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com