Microsoft Word Zero-Day Used In Targeted Attacks 88
wiredmikey (1824622) writes "Microsoft warned on Monday of a remote code execution vulnerability (CVE-2014-1761) in Microsoft Word 2010 that is being actively exploited in targeted attacks. If successfully exploited, an attacker could gain the same user rights as the current user, Microsoft said, noting that users whose accounts are configured to have fewer user rights on the system could be less impacted than accounts with administrative privileges. 'The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer,' Microsoft explained Microsoft did not share any details on the attacks that leveraged the vulnerability, but did credit Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team for reporting it to Microsoft."
Re:Block all .RTF attachments (Score:4, Interesting)
I'm pretty sure nobody would notice or care.
The one trick (comparatively rare; but it happens at times) is that if you take an RTF document and give it a .doc suffix, Word will interact with it happily enough and I think even save it in the RTF format if you modify-and-save.
This means that if you block by suffix, a remotely clueful attacker will just fix their suffix and carry on; but if you block by format a small and fairly unpredictable subset of '.doc' files will be weeded out for reasons users will be unlikely to grasp.
This would hardly make it the most painful thing routinely inflicted on users in the name of security; but it isn't a plus.