Microsoft has released a new Security Advisory (KB2953095) pertaining to a vulnerability in all versions of Microsoft Word, in which an attacker can remotely execute code if a malicious RTF file was opened or if a specially crafted email in Microsoft Outlook was opened while using Microsoft Word as the email viewer. The company has rolled out a fix-it patch while a security fix is in the works.
“Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer,” Microsoft stated in an official blog post.
For those that did not know, Microsoft Word is the email reader in Outlook 2007, Outlook 2010, and Outlook 2013. At this time, Microsoft is aware of limited and targeted attacks directed towards Word 2010, but all versions of Word are affected.
As part of the security advisory, Microsoft has released an easy one-click fix-it patch to prevent attackers from leveraging the vulnerability to execute code. The patch does not require a reboot. Microsoft is working on releasing a security fix, addressing this issue, in the near future. Hit the download link below to snag the patch (it might not be available just yet, give it a few minutes).Microsoft, Office, Security