Microsoft issues security advisory and 'Fix-it' patch for Word exploit

Microsoft normally waits until the second Tuesday of each month, otherwise known as "Patch Tuesday", to release security updates for its software products. Today, Microsoft has issued a out-of-schedule security advisory for an exploit that affects all current and older supported versions of its Word program.

In a post on their security response blog, Microsoft says that the issue was found after a "limited" number of attacks against Word 2010 had been reported. The post added:

An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer.

The company has already released a manual "Fix-it" patch that should close the Word exploit; downloading and installing the patch will not require a reboot of the PC. Microsoft says that installing the Enhanced Mitigation Experience Toolkit (EMET) will also help defend a PC against this software hole. In addition to all Windows and Mac versions of Word, the patch will also fix the same issue in Word Viewer and Word Automation Services on Microsoft SharePoint Server.

It is likely that Microsoft will issue an update for the Word vulnerability with the next "Patch Tuesday" on April 8th so if you forget to download the patch, Microsoft will install it for you.

Source: Microsoft | Image via Microsoft

Report a problem with article
Previous Story

Google trying to promote adoption of WebP image format for websites

Next Story

JavaScript creator Brendan Eich named as new CEO of Mozilla

11 Comments

Commenting is disabled on this article.

UnclePritchard said,
what about word 2013?

the article states it is for word 2013 as well but apparently not for 8.1, when i tried to install it, it said my system was not supported. yey?

recursive said,
Its 2014 and you can still be pwned on windows simply by opening a document. And they wail Android is insecure.

Yes. At least with Android its behind the scenes where no average user will ever know/see.

Sure. Go ahead, put a home management app on your Android phone. Give everyone the keys to your house. I dare you.

'Pwned'? What are you, like 14?