A vulnerability affecting all supported versions of Microsoft Word has been reported that allows remote code execution when a targeted user opens an RTF file in the software. Currently, Microsoft say that they have detected "limited, targeted attacks directed at Microsoft Word 2010".
The malicious RTF file can also infect a machine if it is merely viewed in Outlook using the preview feature, with no need to open the attachment. At present there's no patch for the issue, and it's thought that one will be issued on the next Patch Tuesday.
"The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013," Microsoft said in an advisory.
Once the code has been executed, it allows the attacker to take control of the machine with the same privileges as the user who is logged in; an attacker who compromises an account with administrative rights therefore gets full control of the system. Infection can also take place through a webpage that contains an RTF file crafted by an attacker.
The vulnerability affects Word 2003, 2007, 2010 and 2013, Office for Mac 2011, Microsoft Office Web Apps, and Automation Services on SharePoint Server 2010 and 2013.
Microsoft recommend that admins disable the ability to open RTF data in Word as a means of protection until the bug is fixed, and also use the Enhanced Mitigation Experience Toolkit (EMET) to help prevent attacks. Because Word is also what renders mail in the Outlook preview pane, blocking RTF in Word closes that route as well as the opening of attachments directly.
"On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," Microsoft said.
Since the exploit runs with the privileges of the logged-in user, it's also wise to ensure that users only have the permissions relevant to their jobs, so that a successful attack gains as little as possible. Microsoft further recommend that users ensure a firewall is in use and properly configured, and that antivirus software is installed and kept up to date.