Hackers have been targeting a security hole in the popular word processing application Word 2010. The attacks are limited at the moment to unnamed targets, possibly a number of organisations, but in the meantime Microsoft has issued a temporary fix pending a full investigation.
Microsoft has just announced that Word 2010 has a vulnerability that has already been exploited by hackers.
In a security advisory released yesterday, the US giant said it is ‘aware of limited, targeted attacks at Microsoft Word 2010.”
The flaw makes remote code execution possible. In plain language this means that an attacker could remotely seize control of an affected computer.
With this vulnerability, hackers are creating booby-trapped documents in the Rich Text Format (RTF) that exploit vulnerability in the 2010 of version of Microsoft Word.
The attack aims to get a user to open the booby-trapped RTF document using Word 2010.
Further, if a user previews or opens a specially crafted RTF email message in Outlook while using Word 2010 as the email viewer, they could also inadvertently invite attacks.
As a point to note, Word is set as the default email viewer in Outlook 2007, Outlook 2010 and Outlook 2013.
Microsoft said it has identified ‘targeted attacks’ using this method. This usually means hacks that are directed against specific individuals or organisations, but Microsoft doesn’t want to say who, because it’s probably too sensitive.
From a home user’s point of view this means that general home computers are not the target of the attack.
However, if paranoia is creeping in, you can protect yourself by viewing emails in plain text.
Temporary fix from Microsoft
In the meantime, Microsoft has issued a temporary fix which can be found here. Go to ‘Introduction’ and then ‘Fix it for me section.’
Once Microsoft has fully investigated the flaw it plans to release a full security update.
Security updates are usually applied automatically when you turn your machine on or off – you get a message asking you to wait while updates are applied.