Word 2008 too 2011 for the Mac convey equally good been patched, precisely Microsoft has non yet issued a cook for the same flaw inward the older Word 2004. The circulating attacks impact exclusively Windows versions of the suite, however.
According to the Microsoft Malware Protection Center (MMPC), the grouping that investigates laid upwards on code too issues signature updates for the company's antivirus software, the offset in-the-wild exploits were detected final week.
When Microsoft shipped the Word piece final month, it rated the põrnikas equally "1" on its exploitability index, important it believed a working laid upwards on would popular upwards inside xxx days.
The laid upwards on uses a malicious RTF (Rich Text Format) file to generate a stack overflow inward Word on Windows, said MMPC researcher Rodel Finones. Following a successful exploit, the laid upwards on code downloads too runs a Trojan Equus caballus on the compromised computer.
Finones said that the code "reliably exploits this [Word] vulnerability."
Last month, Microsoft rated the RTF vulnerability equally "critical" inward Word 2007 too 2010, precisely equally "important" inward all other affected versions.
At the time, exterior researchers had seat their bets on the põrnikas equally a hacker selection because users running Office 2007 or 2010 could survive attacked if all they did was preview a specially-crafted RTF document inward the Outlook email client.
"Once a [malformed] message hits the Outlook preview pane, remote code tin survive executed. You should piece this correct away," Jason Miller, the information too safety squad director for Shavlik Technologies, said on the solar daytime Microsoft released the patch.
Finones urged users who convey non yet installed the Nov piece to produce then equally presently equally possible.
More information well-nigh the vulnerability tin survive establish inward the MS10-087 safety bulletin.
The MS10-087 update tin survive downloaded too installed using Microsoft Update too Windows Server Update Services (WSUS).
Share This :
comment 0 Comments
more_vert