There is a common understanding that viruses can only be activated by an .exe file. This is still true. However, this is not to be complacent as the article below discloses. Just viewing the reading pane in rich test format mode (rtf) can cause a serious compromise. Read on and be cautious for you and your circles!
=========================================
Just previewing email can give attackers control of your PC, Microsoft
warns
Brad Chacos@BradChacos
PC World
Mar 25, 2014 7:44 AM
Attackers are actively exploiting a
newly discovered Microsoft Word vulnerability that could be used to gain remote
access of your PC, Microsoft warned
Monday—and even worse, the exploit can be triggered by opening or
merely previewing a malicious email using Outlook's default settings.
The attack is delivered using
booby-trapped Rich Text (RTF) files. Accessing or previewing a poisoned file
with Word grants the attacker the same rights as the current user.
Making matters worse, Word is the
default document viewer in Outlook 2007, 2010, and 2013.
Currently, Microsoft is only aware of
the limited, targeted attacks against Word 2010, but the same vulnerability
affects Word 2013, Word 2013 RT, Word 2007, Word 2003, Microsoft Office for Mac
2011, and related programs like Word Compatibility Viewer and Word Automation
Services on Microsoft SharePoint Server.
Microsoft's released a Fix It that neutralizes the exploit
by going the nuclear route and barring all RTFs whatsoever. That may not be an
option for you, seeing as how the RTF format is a popular alternatives to
Microsoft's .DOC format and widely used by non-Office productivity programs. If
so, there are a couple of workarounds you can use to mitigate the risk until
Microsoft patches it up:
·
Configure
Outlook to read emails in
plain text.
·
Try to stay
away from RTF files, but if you have to open one, scan it with security
software first. This should be standard security practice for all downloads.
·
Use a limited
account in Windows, rather than an Administrator account, for your day-to-day
PC usage. That way the attacker receives far more limited access to your
machine if you do become infected. In fact, this one simple trick
can make your PC virtually invulnerable.
·
Microsoft says
running its Enhanced
Mitigation Experience Toolkit (EMET) can also protect against the
exploit, as is often the case with zero-day attacks.
Finally, note that the exploit also
involves Word 2003, and Office 2003 is
going end-of-life on April 8, just like Windows XP.
That means no more security patches for situations just like this, and Office
is a common attack vector for baddies. Yes, it's going to be hard to ditch
Office 2003's traditional file menus, but staying safe in the future means
upgrading and learning to love the Ribbon, folks.
No comments:
Post a Comment