Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    Microsoft has released a security bulletin announcing of a zero-day vulnerability affecting Microsoft Word. Furthermore, the company states that there are “limited, targeted attacks directed at Microsoft Word 2010.” If exploited, this vulnerability (CVE-2014-1761) could allow a remote attacker to execute commands remotely via specially crafted files and email messages.

    Microsoft has also released preliminary details of the vulnerability and the exploit code. The vulnerability is exploited if a user opens an RTF file in Microsoft Word or previews or opens an RTF email message in Microsoft Outlook using Microsoft Word as the email viewer. It should be noted that Microsoft Word is the default email reader for Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.

    Several workarounds were included in Microsoft’s initial bulletin, including disabling opening of RTF files and enforcing Word to always open said type of file in Protected View. A fixtool has also been made available to help address the vulnerability while Microsoft works on a more permanent solution.

    What’s interesting is that Microsoft Word 2003 is listed as one of the affected software for this particular vulnerability—just a couple of weeks before support for Microsoft Office 2003 ends on April 8th.  We advise users to upgrade to later versions of the software to continue receiving security updates.

    We are currently looking into this vulnerability and will provide further information as appropriate. Trend Micro Deep Security has released a new deep packet inspection (DPI) rule to protect against exploits leveraging this vulnerability:

    • 1005990 – Microsoft Word RTF Remote Code Execution Vulnerability (CVE-2014-1761)

    Update as of April 4, 2014, 3:08 P.M. PDT

    Exploits related to this vulnerability are detected by Trend Micro as the following:

    • HEUR_RTFEXP.A
    • TROJ_ARTIEF.NSA
    • TROJ_ARTIEF.NSB




    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    • Nightfall Huang

      I would also like to know.

    • Rusty Shackleford

      Has OfficeScan ScanMail virus patterns been updated yet to catch these attempts?



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice