Severity: High
Summary:
- These vulnerabilities affect: Microsoft Word 2007 (and related components)
- How an attacker exploits them: By enticing users to open or interact with a maliciously crafted Word document
- Impact: In the worst case, an attacker can gain complete control of your Windows computer
- What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.
Exposure:
As part of today’s Patch Day, Microsoft released a security bulletin describing a vulnerability affecting Word 2007, and related software like the Office compatibility pack.
Word is the popular word processor that ships with Office. It suffers from A memory corruption vulnerabilities having to do with how it handles embedded fonts in documents. By luring one of your users into downloading and opening a malicious Word document, an attacker can exploit this flaw to execute code on that user’s computer, with that user’s privileges. If your users have local administrator privileges, the attacker gains complete control of their PCs.
Microsoft only rates this update as Important (their medium severity), since it requires user interaction to succeed. However, we’ve seen many attackers successfully use malicious Office documents in emails, as part of their advanced spear-phishing campaigns. For that reason, we recommend you install Microsoft’s Word updates as soon as you can.
Solution Path:
Microsoft has released a Word (and related product) update to correct these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network as soon as possible. If you choose, you can also let Windows Update automatically download and install these updates for you.
See the “Affected and Non-Affected Software” section of Microsoft’s Word bulletin for links to the updates.
For All WatchGuard Users:
WatchGuard’s Gateway Antivirus service can often prevent the most common malicious documents from reaching your users. You can also leverage our XTM appliance’s proxies policies to block all Word documents if you like; though most administrators prefer not to since Office documents are often shared as part of business. To fully protect yourself, we recommend you install Microsoft’s updates.
Status:
Microsoft has released patches correcting these issues.
References:
- Microsoft Security Bulletin MS14-034
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).
What did you think of this alert? Let us know at [email protected].
Leave a Reply