Microsoft released Security Advisory 2953095 which relates to a vulnerability in Microsoft Word. At this time, Microsoft is aware of limited, targeted attacks directed at Microsoft Word 2010.
With the vulnerability, an attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer.
RecommendationsUsers of Microsoft Word 2010 are encouraged to apply the Microsoft Fix it solution. If you use Outlook, follow the Office help instructions to Read email messages in plain text.
|Enable Fix it||Disable Fix it|
Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), with instructions provided in the Security Research and Defense Blog article referenced below.
- CVE Reference: CVE-2014-1761
- Microsoft KB Article 2953095: Microsoft security advisory: Vulnerability in Microsoft Word could allow remote code execution
- MSRC: Microsoft Releases Security Advisory 2953095
- Security Research & Defense: Security Advisory 2953095: recommendation to stay protected and for detections
- Tech Net Advisory: Microsoft Security Advisory (2953095) Vulnerability in Microsoft Word Could Allow Remote Code Execution
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...