A Microsoft security advisory published on March 24th 2014 warns customers about a vulnerability in Microsoft Word 2010 that is already being exploited by attackers. The attack uses specially crafted RTF (Rich Text Format) files that hand the victim's "user rights" to the attacker: for example, if you are the administrator of your computer and you open the malicious RTF file, the attacker obtains administrator rights on your computer.
The attacker can then remotely execute code on your computer and take full control of the system. The advisory was issued because RTF files are opened by Microsoft Word. Merely previewing the RTF file can also compromise your computer and hand over your user rights, so Microsoft asks its users in the advisory to be wary of such files. Since the RTF file format is rarely used anyway, you can simply avoid opening RTF files until a final fix for this vulnerability is released.
Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution, “Disable opening RTF content in Microsoft Word,” prevents the exploitation of this issue through Microsoft Word. – Microsoft
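To verify on a machine that the "Disable opening RTF content in Microsoft Word" mitigation is actually in place, the following PowerShell check is added here as an example; it is not code from the article or from Microsoft. It assumes, based on the Office File Block policy settings, that the Fix it sets RtfFiles = 2 and OpenInProtectedView = 0 under the Word Security\FileBlock registry key for the installed Office version (12.0 = Word 2007, 14.0 = Word 2010, 15.0 = Word 2013); confirm the exact values against the advisory before relying on them.

```powershell
# Added example: audits whether Word's File Block policy blocks RTF files.
# Registry locations and values are assumed from the Office File Block
# policy settings (RtfFiles = 2 means open and save are blocked,
# OpenInProtectedView = 0 means blocked files are not opened at all).
$WordVersions = @{ '12.0' = 'Word 2007'; '14.0' = 'Word 2010'; '15.0' = 'Word 2013' }

function Get-WordRtfBlockStatus {
    $results = @()
    foreach ($ver in ($WordVersions.Keys | Sort-Object)) {
        foreach ($hive in 'HKCU:', 'HKLM:') {
            # Per-user / per-machine setting, plus the Group Policy location
            $paths = @(
                "$hive\Software\Microsoft\Office\$ver\Word\Security\FileBlock",
                "$hive\Software\Policies\Microsoft\Office\$ver\Word\Security\FileBlock"
            )
            foreach ($path in $paths) {
                if (-not (Test-Path $path)) { continue }
                $key = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
                $results += [pscustomobject]@{
                    Product             = $WordVersions[$ver]
                    Path                = $path
                    RtfFiles            = $key.RtfFiles
                    OpenInProtectedView = $key.OpenInProtectedView
                    # Only the combination used by the Fix it counts as blocked
                    RtfBlocked          = ($key.RtfFiles -eq 2 -and $key.OpenInProtectedView -eq 0)
                }
            }
        }
    }
    return $results
}

# Applies the same settings for the current user (what the Fix it does),
# e.g. Set-WordRtfBlock -Version '14.0' for Word 2010.
function Set-WordRtfBlock {
    param([Parameter(Mandatory)][string]$Version)
    $path = "HKCU:\Software\Microsoft\Office\$Version\Word\Security\FileBlock"
    New-Item -Path $path -Force | Out-Null
    Set-ItemProperty -Path $path -Name 'RtfFiles' -Value 2 -Type DWord
    Set-ItemProperty -Path $path -Name 'OpenInProtectedView' -Value 0 -Type DWord
}

$status = Get-WordRtfBlockStatus
if (-not $status) {
    Write-Output 'No File Block settings found: RTF files are NOT blocked in Word.'
} else {
    $status | Format-Table -AutoSize
}
```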
Security experts believe that users whose accounts are configured with limited user rights would be less impacted than those with administrative privileges. Home users are soft targets, as they usually run as administrators of their own systems.
The tech giant explained that in a web-based attack scenario, an attacker could host a website containing a webpage that serves a malicious RTF file. Compromised websites, or sites that accept or host user-provided content, might also contain the malicious file.
The most likely candidates are torrent sites and online file storage portals. The experts point out that the vulnerability can be exploited via Microsoft Outlook only when Microsoft Word is used as the email viewer; Word is the default email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.