Facing Attacks on RTF Hole, Microsoft Urges Office Users To Patch

The Microsoft Malware Protection Center has urged users of its Office suite to apply a security update, MS10-087, released last November. The company says it has become aware of attacks exploiting the hole in Office applications that are circulating on the Internet.

Office patchThe Microsoft Malware Protection Center has urged users of its Office suite to apply a security update, MS10-087, released last November. The company says it has become aware of attacks exploiting the hole in Office applications that are circulating on the Internet.

The security hole in question affects features that allow Microsoft Office applications to parse different file formats. The vulnerability in
question, ‘RTF Stack Buffer Overflow Vulnerability,’ can be triggered in Microsoft Word with a specially formatted RTF (Rich Text Format) file. Microsoft says it has evidence of specially crafted RTF files circulating in the wild that attempt to trigger the vulnerability, according to a post on the Microsoft Malware Protection Center blog.

In overflow attacks, attackers are able to gain access to areas of a vulnerable machine’s memory beyond what has been allocated for a particular job. That allows malicious code to be copied to unprotected areas of a victim’s system and run -disrupting the operation of the machine or allowing the attacker to install their own code on the system. 

In the wild, Microsoft found emails with files titled ‘Bilawar
Bhutto Sex Scandal’ and ‘New Year’s Greeting Card.’ While the company isn’t speculating on the origin or intended targets of the attacks, both the files themselves
and their names were written in Russian.

In addition to
installing the MS10- 087 upgrade, the Microsoft Malware Protection team recommends
enabling the firewall, using up-to-date anti-virus software, limiting user privileges
and using strong passwords on your computer as well as using caution when
opening file attachments, accepting file transfers, and linking to unfamiliar
websites.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.