Microsoft warns of security bug exploiting `preview email` to hack PC

Last Updated: Wednesday, March 26, 2014 - 22:02

Washington: Microsoft has reportedly warned that previewing emails before hitting send could allow hackers gain control of a user`s PC.

The software maker said that cybercriminals were actively exploiting a newly discovered Microsoft Word bug that could be exploited to gain remote access of a system.

According to PC World, the attack is delivered using booby-trapped Rich Text (RTF) files and accessing or previewing a bugged file with Word grants the attacker the same rights as the current user.
And the worst part is that Word is the default document viewer in Outlook 2007, 2010 and 2013.

Microsoft is only aware of the limited, targeted attacks against Word 2010, but the bug affects Word 2013, Word 2013 RT, Word 2007, Word 2003, Microsoft Office for Mac 2011, and related programs like Word Compatibility Viewer and Word Automation Services on Microsoft SharePoint Server, the report said.

Although Microsoft has issued a Fix It to neutralize the exploit by going the nuclear route and barring all RTFs, but since RTF formats are popular than Microsoft`s .Doc formats, users could configure Outlook settings to avoid any potential hacks.

Users should try to stay away from RTF files, but if there is no other option, they could scan it with security software first.
Microsoft said that running its Enhanced Mitigation Experience Toolkit (EMET) could also protect against the exploit.

The report said that since the exploit also involves Word 2003, and Office 2003 is going end-of-life on April 8 with Windows XP, it means no more security patches for such issues and users must adopt the updated versions.

First Published: Wednesday, March 26, 2014 - 22:02
comments powered by Disqus