
Microsoft Releases Patch for Zero-Day Flaw in Office and WordPad


CrAKeN

WordPad is also affected by the flaw on all Windows systems

 

As promised, Microsoft used this month’s Patch Tuesday cycle to publish a patch for a zero-day vulnerability in the Office productivity suite and WordPad that would have allowed attackers to infect systems with malware using a compromised RTF document.

 

Details of this security vulnerability were published online earlier this week, and Microsoft acknowledged the problem, promising a fix on Patch Tuesday and recommending that users avoid opening RTF documents coming from untrusted sources until a patch is deployed.

 

Today, the company rolled out the fix and said that RTF documents could open the door for full control on a vulnerable system, with attackers being able to do virtually anything on a PC once infected.

 

“A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft says.

 

Patch as soon as possible


The company goes on to explain how the patch fixes the vulnerability, adding that in most cases, the RTF document is delivered via email to potential targets.

 

“The update addresses the vulnerability by correcting the way that Microsoft Office and WordPad parses specially crafted files, and by enabling API functionality in Windows that Microsoft Office and WordPad will leverage to resolve the identified issue,” the company adds.

 

It goes without saying that users must deploy this new patch as soon as possible, especially given the fact that it’s a zero-day and details have already been published online.

 

In the case of systems where immediate patching is not yet possible, users are advised to avoid opening RTF documents coming from untrusted sources or to switch to other applications that can handle this format and are not affected by the vulnerability.

 

Source
