
Microsoft Security Advisory 2953095 / Microsoft Word

Mar 25, 2014 2:03AM PDT
Microsoft Security Advisory (2953095) - Vulnerability in Microsoft Word Could Allow Remote Code Execution

Summarized by Dustin Childs @ the Microsoft Security Response Center Blog:

Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer.

As part of the security advisory, we have included an easy, one-click Fix it to address the known attack vectors. The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code. Additionally, applying the Fix it does not require a reboot. We encourage all customers using Microsoft Word to apply this Fix it to help protect their systems.

The Enhanced Mitigation Experience Toolkit (EMET) also helps to defend against this vulnerability when configured to work with Microsoft Office software. If you are using EMET 4.1 with the recommended settings, this configuration is already enabled and no additional steps are required.

http://blogs.technet.com/b/msrc/archive/2014/03/24/microsoft-releases-security-advisory-2953095.aspx

* * * * * * * * * * * * * * * * * * * * * * * *

Noted by Brian Krebs - "Microsoft: 0Day Exploit Targeting Word, Outlook":

"To be clear, Microsoft said the exploits it has seen so far attacking this vulnerability have targeted Word 2010 users, but according to Microsoft's advisory the flaw is also present in Word 2003, 2007, 2013, Word Viewer and Office for Mac 2011."

See the Affected Software section of the Advisory to view the entire list.

* * * * * * * * * * * * * * * * * * * * * * * *

Refer to:
Microsoft Security Advisory 2953095:
https://technet.microsoft.com/en-us/security/advisory/2953095

Microsoft Fix it Solution:
https://support.microsoft.com/kb/2953095

Microsoft Security Response Center Blog: Microsoft Releases Security Advisory 2953095
http://blogs.technet.com/b/msrc/archive/2014/03/24/microsoft-releases-security-advisory-2953095.aspx

Microsoft Security Research and Defense Blog: Security Advisory 2953095: recommendation to stay protected and for detections
http://blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx
