Microsoft warns of zero-day exploit in Word


Microsoft has discovered that attackers are exploiting a vulnerability in Word 2007, 2010, and 2013. The vulnerability allows attackers to execute code on a system using the same permission set as the current user.

According to Microsoft, the attackers are currently mainly targeting users of Word 2010, but users of Word 2007 and 2013 are also vulnerable. This is a so-called zero-day exploit: the attackers are abusing a security problem for which no patch exists yet.

The security issue occurs when Word parses data formatted as RTF. This corrupts memory and allows an attacker to run their own code with the permission set of the current user. In addition, other security vulnerabilities in the operating system could be used to obtain a higher permission set.

In practice, a Word document can, for example, be hidden in a web page to hit unsuspecting Internet users, which is what happens in a drive-by attack. A victim can also be approached by e-mail. By default, Word is the viewer for messages with RTF content.

Although there is no patch yet, users can protect themselves by, for example, disabling the display of RTF in e-mails, which prevents Word from loading. The automatic loading of plug-ins in web browsers can also be disabled to prevent drive-by attacks.
