Microsoft offers temporary fix for serious security flaw that affects Word, Outlook
Microsoft has announced a new vulnerability in Microsoft Word that it says is being actively exploited. The flaw is found in the format parser for RTF, or Rich Text Format, and could be used by an attacker to gain remote access to the targeted system. Discovery of the vulnerability is credited to Drew Hintz, Shane Huntley and Matty Pellegrino of the Google security team.
According to the bulletin published Monday, Word 2003, Word 2007, Word 2013 and Word 2013 RT are affected. Word 2013 RT is the version of Word that was especially crafted for Microsoft's (NASDAQ: MSFT) Windows RT tablet operating system. The Word software in Office for Mac 2011 is also listed as vulnerable.
The problem is particularly serious as it also affects another popular Microsoft application: Microsoft Outlook. This is because recent editions of Outlook, namely Outlook 2007, Outlook 2010 and Outlook 2013 use Word as the default viewer for email. This means that even viewing an email that is crafted to exploit this flaw in the preview pane could result in a system compromise.
For now, Microsoft has offered a "Fix It" automated tool to mitigate the issue until a proper security update is made available. This particular Fix It prevents the opening of RTF files and can be accessed here.