DTX Manchester DTX Manchester
  • About Us
Tuesday, 26 January, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Microsoft issue emergency fix for RTF zero-day

by The Gurus
March 25, 2014
in Editor's News
Share on FacebookShare on Twitter

Microsoft has warned of a zero-day vulnerability in Word and limited, targeted attacks directed at the 2010 version.
 
In an advisory, Microsoft said that the vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer.
 
The vulnerability can be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013 by default.
 
Wolfgang Kandek, CTO at Qualys, said: “The vulnerability CVE-2014-1761 is in the file format parser for RTF (Rich Text Format) and could be used by an attacker to gain remote access to the targeted system. The attack vector is a document in RTF format that the victim would have to open with Word.
 
“The current workaround is to disable RTF as a supported format in Microsoft Office. The advisory contains a link to FixIt 51010 that performs the action for the end-user here. A secondary recommended action is to work with plain text in emails, which is generally a recommended safeguard that prevents the “drive-by” characters of these types of attacks,” he said.
 
Dana Tamir, director of enterprise security, said: “A web-based scenario can also be used if the attacker creates a webpage that contains the malicious RTF-file, or if the malicious file is provided as content to websites that accept or host user-provided content or advertisements.
 
“Attackers may use this technique for conducting drive-by downloads and watering-hole attacks that infect website visitors. Microsoft has posted a blog that discussed possible mitigations and temporary defensive strategies that can be used while Microsoft is working on a security update.”

0 0 vote
Article Rating
FacebookTweetLinkedIn
Tags: MicrosoftWindows
ShareTweetShare
Previous Post

20GB DDoS knocks Basecamp offline after blackmail refusal

Next Post

Report high lights black market sophistication

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Effective ways to prevent payroll fraud

Effective ways to prevent payroll fraud

January 25, 2021
Surveillance Camera on a wall

ADT Technician Watched Customers in their Homes

January 25, 2021
Up close image of a hand on a keyboard.

Hackers exploit U.S. Agency Supply Chain

January 25, 2021
Ripped paper heart

2.28 million MeetMindful users’ data leaked by hacker

January 25, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept