Severity: High
Summary:
- These vulnerabilities affect: Microsoft Office related products, including Word and Outlook
- How an attacker exploits them: Typically by enticing users to open or interact with maliciously crafted Office documents or email
- Impact: In the worst case, an attacker can gain complete control of your Windows computer
- What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.
Exposure:
As part of today’s Patch Day, Microsoft released a security bulletin describing three vulnerabilities affecting the Windows versions of Word, and related software like Word Viewer, the Office compatibility packs, and Web Application products.
Word is the popular word processor that ships with Office. It suffers from three memory corruption vulnerabilities having to do with how it handles certain objects in memory. Though they differ technically, all three flaws share the same scope and impact. By luring one of your users into downloading and opening a malicious Word or Office document, an attacker can exploit any of these flaws to execute code on that user’s computer, with that user’s privileges. If your users have local administrator privileges, the attacker gains complete control of their PCs. These flaws affect all versions of Word except for Word for Mac.
Microsoft only rates this update as Important (their medium severity), since it requires user interaction to succeed. However, we’ve seen many attackers successfully use malicious Office documents in emails, as part of their advanced spear-phishing campaigns. For that reason, we recommend you install Microsoft’s Word updates as soon as you can.
Solution Path:
Microsoft has released Word (and related product) updates to correct these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network as soon as possible. If you choose, you can also let Windows Update automatically download and install these updates for you.
See the “Affected and Non-Affected Software” section of Microsoft’s Word bulletin for links to the updates.
For All WatchGuard Users:
WatchGuard’s Gateway Antivirus service can often prevent the most common malicious documents from reaching your users. You can also leverage our XTM appliance’s proxies policies to block all Word documents if you like; though most administrators prefer not to since Office documents are often shared as part of business. To fully protect yourself, we recommend you install Microsoft’s updates.
Status:
Microsoft has released patches correcting these issues.
References:
- Microsoft Security Bulletin MS14-001
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).
What did you think of this alert? Let us know at [email protected].
Color me unimpressed. Sysadmins who let their users have local-admin privileges deserve to get their networks hacked.