Permanent Fix for Microsoft Word Zero-day Releasing Next Week

As Windows XP and Office 2003 check-in for their very last Patch Tuesday *ever* next week, Microsoft is also making available a fix for the zero-day flaw discovered just two weeks ago. As I reported in Vulnerability in All Versions of Microsoft Word Could Lead to Computer Takeover, the flaw is a serious one. The vulnerability is against Microsoft Word, but due to how the application is integrated with other Microsoft applications, just casually viewing a RTF formatted file attachment in the Microsoft Outlook Reading Pane can cause the same level of attack as if actually opening the file.

Microsoft quickly released a Fix-It component, to help ward off attacks until the company could develop a real fix. The Fix-It simply blocked RTF files. In reality, RTF is an old file type and should probably be retired anyway. If you want to go ahead and do that, read through the following…

When the permanent fix releases, Microsoft is instructing those that employed the Fix-It patch to because a) it's no longer needed, and b) the security patch fixes the vulnerability instead of just blocking access to RTF files.

P.S. If Windows XP and Office 2003 were normal employees, they'd just call in sick and start retirement early.