Vulnerability in All Versions of Microsoft Word Could Lead to Computer Takeover

Microsoft has just released a new Security Advisory (2953095) detailing an identified vulnerability in Microsoft Word that could allow remote code execution.

Along with the notification, Microsoft has also released a Microsoft Fix It solution to ensure the exploit doesn't get out of hand before a formal update can be provided. Microsoft states they are aware of limited, targeted attacks against Microsoft Word 2010, but also indicates that the same vulnerability affects all versions of Word dating back to the 2003 version, and even affects Web App versions.

Related: Office 2013 and Office 365

The vulnerability is caused when a specially architected RTF-format document is opened. The opened document then corrupts system memory, allowing the attacker to execute code. Because Outlook 2007, 2010, and 2013 use Microsoft Word as the email viewer component, the file does not have to be executed by Word, only opened in the Outlook reading pane.

When the exploit is successful, the attacker gains the same rights as the logged-in user. This is yet another great example where users should never have administrative rights to the computer.

Microsoft's prescriptive action for now is to disable the ability for Microsoft Word to open RTF-formatted documents. This can be accomplished using the Microsoft Fix It solution provided here: Vulnerability in Microsoft Word could allow remote code execution

In addition, the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate the exploitation. EMET can be obtained from the Enhanced Mitigation Experience Toolkit web site.