Zero-day Microsoft Word vulnerability being exploited by hackers

25 Mar 2014

A zero-day vulnerability in Microsoft Word has seen thousands of users affected by the exploit that allows hackers to remotely access and control a person’s computer.

According to Microsoft’s statement and explanation on the oversight, hackers can create honey-trap documents in the Rich Text Format (RTF) that once it is clicked, will exploit a vulnerability in all versions between 2003 and 2013 of Microsoft Word and make a computer wide open to attack.

The statement went on to say Microsoft is aware of the issue and necessary steps will be taken to close the exploit. “Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010.

“The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer.”

The company has released a temporary fix in the meantime and has advised customers to download this patch to prevent any future issues.

Colm Gorey was a senior journalist with Silicon Republic