CrAKeN Posted April 11, 2017 Share Posted April 11, 2017 The flaw affects all Word versions on any Windows version Microsoft has confirmed that this month’s Patch Tuesday would bring an update aimed at fixing a vulnerability in Word that exposes users to malware infections. Disclosed by security company Fire Eye, the Microsoft Word security flaw makes it possible for hackers to hijack Windows computers with the help of a malicious RTF document that hides code which then triggers malware downloads on target systems. Microsoft has confirmed in a statement that it plans to address the vulnerability as part of today’s Patch Tuesday rollout, saying that users are recommended to avoid opening documents coming from unknown sources until the fix is deployed. “We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically,” a company spokesperson said. “Meanwhile we encourage customers to practice safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue.” Bypassing all mitigation systems Security company McAfee has also confirmed the security vulnerability and said that attackers are able to bypass most mitigation features in Windows to compromise a target computer. “The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file. Because .hta is executable, the attacker gains full code execution on the victim’s machine. Thus, this is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft,” McAfee said. The vulnerability affects all Windows computers, including the latest Windows 10, as well as all Office versions, so the only way to remain secure without a patch is to avoid opening documents coming from untrusted sources. The Patch Tuesday rollout begins later today, so make sure that you deploy this month’s fixes as soon as possible, especially if you’re working with Word documents and the RTF format in particular. Source Link to comment Share on other sites More sharing options...
Pete 12 Posted April 11, 2017 Share Posted April 11, 2017 Some more OS-stability would be much more welcome , instead of all this "security"................. Link to comment Share on other sites More sharing options...
Karlston Posted April 11, 2017 Share Posted April 11, 2017 3 hours ago, Pete 12 said: Some more OS-stability would be much more welcome , instead of all this "security"................. Nah... the only important thing according to Microsoft is to keep OS's up to date. Nothing else matters any more, especially unimportant things like having a working system. Don't forget to watch the new episode of that great reality show, "Users vs Windows 10 Feature Update Bugs". The last episode was really good, lots of broken systems and angry users wanting Microsoft's blood. A bit long though at 3 months. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.