Categories
Computer & Network Security>Microsoft|Computer & Network Security>Microsoft Security Bulletin|Computer & Network Security>Patches|Computer & Network Security>Zero-day

Microsoft Word Zero Day – Confirmed Attacks

Microsoft released a zero-day advisory for Microsoft Word.  According to Microsoft, “At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer.”

A patch should be released on April 8th, Patch Tuesday. For now, an immediate mitigation is to Disable opening RTF content in Microsoft Word, which prevents the exploitation of this issue through Microsoft Word. See the Suggested Actions section of this advisory for more information.