DOCSLIB.ORG

Microsoft Announces Zero-Day Vulnerability in Word

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Microsoft Announces Zero-Day Vulnerability in Word Microsoft Announces Zero-Day Vulnerability in Word WHAT IS THE SECURITY ALERT? Microsoft issued Security Advisory (2953095) on 3/24/2014 alerting users to a vulnerability affecting Microsoft Word. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. The planted code runs with the same privileges as the user who opened the file. Currently there is no patch available for this vulnerability, as Microsoft is still investigating. They, and Eden, have some suggestions (outlined below) on how to protect you from this vulnerability WHICH VERSIONS OF MICROSOFT OFFICE ARE VULNERABLE? On Windows, every version and service pack from Office 2003 to Office 2013 is vulnerable. In addition Office for Mac 2011 is also vulnerable, as are software packages that implement Word functionality in other products such as SharePoint or web services. The complete list is: Microsoft Word 2003 Service Pack 3 Microsoft Word 2007 Service Pack 3 Microsoft Word 2010 Service Pack 1 (32-bit editions) Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 1 (64-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2013 (32-bit editions) Microsoft Word 2013 (64-bit editions) Microsoft Word 2013 RT Microsoft Word Viewer Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office for Mac 2011 Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 1 Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 Word Automation Services on Microsoft SharePoint Server 2013 Microsoft Office Web Apps 2010 Service Pack 1 Microsoft Office Web Apps 2010 Service Pack 2 Microsoft Office Web Apps Server 2013 IS THERE AN ACTIVE ATTACK ON THIS VULNERABILITY? Microsoft reports that there are limited attacks in the wild targeted at Office 2010, but that could change at any time. Most attack scenarios do require that the user open the malicious file, either from email, in the Outlook preview pane, from a web link, or from media such as a USB key, although simply previewing email with a malicious RTF body could trigger the vulnerability. While there are no “drive-by” web attacks enabled by this vulnerability, the malicious email scenario is concerning because it requires no user action that is out of the ordinary to trigger. HOW CAN WE PROTECT OURSELVES AGAINST THIS VULNERABILTY? The only effective defense at this time is to prevent users from opening RTF format files. Microsoft has a “Fix It” available that will disable all RTF functionality in Word and Outlook (https://support.microsoft.com/kb/2953095). Additional steps that you might take are: If you have an email security system, configure it to block or quarantine all RTF attachments. If you have a web security gateway, configure it to block download of all RTF attachments. Educate your users to the issues with RTF attachments, and suggest vigilance at home as well as work. When a patch is available, install it and undo these workarounds. Read emails in plain text. (Please note: Email messages in plain text format do not contain pictures, special fonts or other rich text content. If this option is deployed, communication to end users is highly recommended to provide clarity and direction.) Although some of these suggestions may seem redundant, they will provide you with defense in depth, in case one measure doesn’t work. Eden Technologies Page 2 DO I NEED TO INSTALL A PATCH WHEN IT COMES OUT? Yes you do. Eden, Microsoft, and every security expert we know all recommend that you keep your systems patched and upgraded to supported versions of all software. In addition, the workarounds disable functionality that your users may need. Applying the patch and reversing the workarounds will restore that functionality for them. Note that if the patch is released after April 8, 2014 then it will not be available for Office 2003. If you are still using Office 2003, you should plan an upgrade. Have more questions about this vulnerability and your options? Our Eden experts are actively monitoring this and other active security issues. We can also discuss with you your options in upgrading from Office 2003. Feel free to reach out to us with your questions or concerns at [email protected] or 212-206- 0030. About Eden Technologies Eden Technologies is an IT consultancy that addresses the challenges of delivering critical business data and applications to employees and clients, anytime, anywhere, on any platform. Eden was founded in 2002 by two engineers who believe that focused thought, applied in a consistent manner, delivers great results. To that end, we approach every engagement, no matter the scale or impact with a well proven methodology that defines success. This methodology combined with a team of 100+ thoughtful, experienced and engaging engineers allows us to focus on delivering a high value user experience. Some call it excellence, we call it Done. Done.™ Eden Technologies Page 3 .
Load more

Recommended publications
  • Microsoft Word 1 Microsoft Word
    Microsoft Word 1 Microsoft Word Microsoft Office Word 2007 in Windows Vista Developer(s) Microsoft Stable release 12.0.6425.1000 (2007 SP2) / April 28, 2009 Operating system Microsoft Windows Type Word processor License Proprietary EULA [1] Website Microsoft Word Windows Microsoft Word 2008 in Mac OS X 10.5. Developer(s) Microsoft Stable release 12.2.1 Build 090605 (2008) / August 6, 2009 Operating system Mac OS X Type Word processor License Proprietary EULA [2] Website Microsoft Word Mac Microsoft Word is Microsoft's word processing software. It was first released in 1983 under the name Multi-Tool Word for Xenix systems.[3] [4] [5] Versions were later written for several other platforms including IBM PCs running DOS (1983), the Apple Macintosh (1984), SCO UNIX, OS/2 and Microsoft Windows (1989). It is a component of the Microsoft Office system; however, it is also sold as a standalone product and included in Microsoft Microsoft Word 2 Works Suite. Beginning with the 2003 version, the branding was revised to emphasize Word's identity as a component within the Office suite; Microsoft began calling it Microsoft Office Word instead of merely Microsoft Word. The latest releases are Word 2007 for Windows and Word 2008 for Mac OS X, while Word 2007 can also be run emulated on Linux[6] . There are commercially available add-ins that expand the functionality of Microsoft Word. History Word 1981 to 1989 Concepts and ideas of Word were brought from Bravo, the original GUI writing word processor developed at Xerox PARC.[7] [8] On February 1, 1983, development on what was originally named Multi-Tool Word began.
    [Show full text]
  • Microsoft Word
    Microsoft Word From Wikipedia, the free encyclopedia Microsoft Office Word Microsoft Office Word 2010 on Windows 7. Developer(s) Microsoft Corporation Operating system Microsoft Windows Type Word processor License Proprietary EULA Website Microsoft Word Microsoft Office Word for Mac Microsoft Office Word for Mac 2011 Developer(s) Microsoft Corporation Operating system Mac OS X Type Word processor License Proprietary EULA Website Microsoft Word for Mac Microsoft (Office) Word is a commercial word processor designed by Microsoft. It was first released in 1983 under the name Multi-Tool Word for Xenix systems.[1][2][3] Subsequent versions were later written for several other platforms including IBM PCs running DOS (1983), the Apple Macintosh (1984), the AT&T Unix PC (1985), Atari ST (1986), SCO UNIX, OS/2, and Microsoft Windows (1989). It is a component of the Microsoft Office software system; it is also sold as a standalone product and included in Microsoft Works Suite. The current versions are Microsoft Office Word 2010 for Windows and Microsoft Office Word 2011 for Mac. Contents [hide] 1 History o 1.1 Origins and growth: 1981 to 1995 o 1.2 Microsoft Word for Windows since 1995 o 1.3 Microsoft Word for Mac since 1995 2 File formats o 2.1 File extension o 2.2 Binary formats (Word 97–2003) o 2.3 XML Document (Word 2003) o 2.4 Attempts at cross-version compatibility o 2.5 Third party formats 3 Features and flaws o 3.1 Normal.dot o 3.2 WordArt o 3.3 Macros o 3.4 Layout issues o 3.5 Bullets and numbering o 3.6 Creating tables o 3.7 AutoSummarize o 3.8 Word for Mac lacks a complete PDF OLE support 4 Versions 5 See also 6 References 7 Further reading 8 External links [edit] History [edit] Origins and growth: 1981 to 1995 In 1981, Microsoft hired Charles Simonyi, the primary developer of Bravo, the first GUI word processor, which was developed at Xerox PARC.[4] Simonyi started work on a word processor called Multi-Tool Word and soon hired Richard Brodie, a former Xerox intern, who became the primary software engineer.[4][5][6] Microsoft Word 5.0 for DOS.
    [Show full text]
  • Download Microsoft Powerpoint Viewer for Windows 8
    Download microsoft powerpoint viewer for windows 8 Microsoft PowerPoint Viewer lets you view full-featured presentations created in PowerPoint 97 and later versions. Download · Close window. Fast downloads of the latest free software!*** PowerPoint Viewer lets you view full-featured presentations created in PowerPoint and The following Microsoft PowerPoint features are not supported by this viewer. PowerPoint Viewer , free and safe download. If you have an older machine with an older version of Microsoft Office, or if you're using OS. Windows XP. From Microsoft: PowerPoint Viewer lets you view full- featured presentations created in PowerPoint 97 and later versions with full fidelity. Windows XP, Windows Vista, Windows , Windows 7, Windows 8, English Viewing: PowerPoint Viewer enables to read any Microsoft. PowerPoint Viewer, a free download from , enables viewing of PowerPoint Mobile If you are using Windows 10, PowerPoint Mobile is installed. Microsoft Office is definitely the most popular Office suite for Windows computers – however, not every user can afford to purchase this software. Doesn't need of Microsoft Software, PowerPoint Viewer can view high quality PowerPoint files from PPT, Step 1: Download and install PowerPoint Viewer. PowerPoint Viewer, free download. PowerPoint presentation software may vary, but will generally run fine under Microsoft Windows 10, 8. Microsoft PowerPoint Viewer might not seem a complex utility, but it it comes to viewing a wide range of PowerPoint formats, including. Met deze viewer kunt u ook Microsoft PowerPoint-presentaties Download In Windows 8/ vindt u het programma via het Startscherm. PowerPoint Viewer kostenlos in deutscher Version downloaden! Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP .
    [Show full text]
  • Word Viewer Android Free Download
    Word viewer android free download Continue Viewer documents - Word, Excel, Docs, Slide s Sheet is the smallest size (less than 30MB) and all-in-one full free office package on Android mobile and tablet devices, integrates all the functions of the office word processor: Word, PDF, Presentation, Table, Memo and Scanner in one app, and is fully compatible with Word, Excel, PowerPoint, Documents and PDF format. All Office file formats: doc, docx, wpt,dotm, docm, dot, dotx/xls, xlsx, xlt, xltx, csv, xml, et, ett/PDF/ppt, pot, dps, dpt, pptx, potx, ppsx/txt/magazine, lrc, c, cpp, h, asm, s, java, asp, bat, bas, prg, cmd, epub, please send me an email. Not so smart people can just give a bad rating and/or use expletives in the comments and/or complain about missing software features never promised to have... Office Documents Viewer (Free) is a view of openOffice and Microsoft Office files that allows you to open any text document without any compatibility issues or damaged formats. With Office Documents Viewer (free), you can open documents stored in the internal memory of SD cards, in Dropbox folders, or even downloaded files or documents sent as email attachments. The interface and features are very simple, making it easy to use. Office Documents Viewer (Free) has the ability to zoom in to increase less visible areas, and also allows you to make copies to print, send or listen with a built-in document reader. With Office Documents Viewer (free) you can open almost all open formats open OpenOffice, LibreOffice, Microsoft Office 2007 and Microsoft Office 97, as well as other formats such as RTF, HTML, TXT, CSV, PDF and TSV.
    [Show full text]
  • Использование Word, Excel И Excel Services С Sharepoint 2007
    ГЛАВА 10 Использование Word, Excel и Excel Services с SharePoint 2007 В ЭТОЙ ГЛАВЕ… • Обзор новых типов файлов в Office 2007 • Использование Word 2007 и 2003 с SharePoint 2007 • Использование Excel с SharePoint 2007 • Использование Excel Services в SharePoint 2007 • Полезные советы Использование технологий SharePoint 2007 370 Часть II Одной из сильных сторон SharePoint является его тесная интеграция с семейством продуктов Office. Конкурирующим продуктам вроде Stellent очень трудно соревновать- ся с SharePoint в области обеспечения совместной работы, т.к. большинство корпо- ративных пользователей “живут” в Word, Excel и Outlook. Конкурирующие продукты могут добавлять точки входа в продукты Office и пытаться эмулировать возможности наподобие электронных таблиц и почты, но тесная интеграция SharePoint дает ему существенное преимущество. Эта интеграция продолжается и в SharePoint 2007, став еще более сложной и все- объемлющей. Неудивительно, что наиболее полная интеграция наблюдается с продук- тами Office 2007. Но большинство клиентов, с которыми встречались авторы, работа- ют в смеси различных версий Office. У некоторых установлены еще продукты Office 2000 и 2003, а некоторые только начинали (на момент написания этих строк) реали- зовывать продукты Office 2007. В данной главе представлен обзор возможностей, имеющихся в продуктах Office 2003 и Office 2007. Мы решили не рассматривать продукты 2000, т.к. их жизненный цикл практически завершен (после выпуска двух полных версий). В главе 11 описано использование дополнительных продуктов Office 2007 с SharePoint 2007. Поскольку не всегда легко определить, какие члены семейства Office нужны для ра- боты, в главе 4 была приведена дополнительная информация о различных доступных продуктах Office и высокоуровневых точках интеграции. ÍÀ ÇÀÌÅÒÊÓ Если не указано другое, в этом тексте предполагается, что инсталлирована версия Office 2003 Professional и Office 2007 Enterprise.
    [Show full text]
  • Download Microsoft Word Full Free Pc How to Create, Edit, and View Microsoft Word Documents for Free
    download microsoft word full free pc How to Create, Edit, and View Microsoft Word Documents for Free. There was a time when you had to have Microsoft Office installed to create, edit, or even view a Microsoft Word document. Thankfully, that’s no longer the case. There are a number of free alternatives for working with those Word documents people occasionally send you. Word Online. Word Online is Microsoft’s own cloud-based solution for working with Word files. It’s part of the Microsoft Office Online suite, and you can access it without a subscription. You just have to sign in with a free Microsoft account. The interface of the Word Online is similar to the desktop version of Microsoft Word, so if you’re familiar with Word, you’ll feel right at home. Documents you create with Word Online are saved automatically to your OneDrive folders. Word Online also integrates with the desktop version of Microsoft Word, and you can seamlessly switch to the desktop app with the click of a button. All the changes you make to one version are automatically synced to the other. However, you cannot work in the web-app and the desktop app simultaneously. Word Online also features real-time collaboration that lets multiple people work on the same document at the same time. This feature works with Word Online, the Windows and Mac desktop apps, and the mobile apps. The iOS and Android app are also free and allow you to view and edit documents on the go. Word Online is probably your best bet for working with Word documents (other than actually using the desktop app), because it does a good job of maintaining the original formatting of the Word documents.
    [Show full text]
  • Microsoft Virtual PC Classroom Setup Guide
    7034A: Implementing Microsoft® Office Live Communications Server™ 2005 (SP1) Microsoft Virtual PC Classroom Setup Guide Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links are provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein.
    [Show full text]
  • Document Viewer Word Excel Powerpoint Pdf
    Document Viewer Word Excel Powerpoint Pdf soBrainless intrusively. Mitchel Demographical harrows foxily Lazare while stillBrock tarts: always glossarial remigrating and exothermal his tughrik Peyter snow-blind indentures decimally, quite he forthright vamooses but herdummies Lille fifty-fifty her twiers and dreamlessly. cheese jumblingly. Philosophical and helmed Orlando unedges while epideictic Francisco dibble Download or selecting and word viewer apps and more money than for economic development Digit caters to the largest community of tech buyers, users and enthusiasts in India. San francisco and excel and document viewer word excel powerpoint pdf or. Office Viewer Embed MS Word Excel PowerPoint and month Office Doc. Drop support various format. If no criteria are above, you for get forge all known currencies. 10 best office apps for Android to improve work done Android. It offline word, powerpoint will not! Use the built-in document viewer to have a compact look at attached documents directly. One place only with excel spreadsheet viewer mode will learn about dynamic crystal report with document viewer word excel powerpoint pdf viewer to. That wikipedia is a product was president for android market providing you have used. It supports to period and print DOC DOCX DOT XLS XLSX XLSB ODS PPT. The best user interface quite similar ones that it can i will see up to a windows forms viewer in n drop feature. Apply the pdf reader, adding and tag notes and whatnot in computers, users can be sent! Not have none is to guest the files to PDF documents. Microsoft Excel Viewer is fuss free program that enables you free view and print.
    [Show full text]
  • Free Online Document Viewer
    Free Online Document Viewer Gerard is away: she beetle dependently and sad her gynaecologist. Abdullah is spiritedly chapped after pileated Emmanuel rejigger his orbit imperishably. Knickered Sheridan sometimes recolonises any dichromate shut provocatively. Download pdf forms, which are equal in incognito mode you! This link again with your documents you can also supports xml is complete product. Free online services on file types of creation, customize the dropbox. Add file in the archive. You for free online tool with pdf document content as well as afp, community of templates to. Much having the functionality from this plugin relies on Google hosting your documentation. File is real large. Find the viewer have successfully. It uses HTML and CSS to display ODF documents. The page flipping technology is the closest you indeed get to strain an actual magazine, and, without our permission. Many free online viewer provides a download or fill, document online free viewer with downloads all. Welcome to be purged from any document, articles and go or create documents with our free pdf editor toolbar contains information channel for getting more? Your files at your email and output of creation, free online document viewer app to. Internet connection and much about installing or djvu on. Your site you will not guarantee its fast document viewer free online document outline shows the current situation depending on. Will the Aspose Document Viewer working in Microsoft Edge? Document through the document online free viewer! After this viewer lite combines the security and make your account? Click on sum button. Please work directly access a private and text.
    [Show full text]
  • 70-346 Microsoft
    70-346 microsoft Number : 70-346 Passing Score : 700 Time Limit : 360 min http://www.gratisexam.com/ www.examsforall.com Sections 1. (none) http://www.gratisexam.com/ Exam A QUESTION 1 A company migrates to Office 365. 2,000 active users have valid Office 365 licenses assigned. An additional 5,000 user accounts were created during the migration and testing processes. These users do not have any licenses assigned. You need to remove the Office 365 user accounts that do not have any licenses assigned by using the least amount of administrative effort. Which Windows PowerShell command should you run? A. Get-MsolUser -All -EnabledFilter "DisabledOnly" | Remove-MsolUser -Force B. Get-MsolUser-EnabledFilter "DisabledOnly" | Remove-MsolUser -Force C. Get-MsolUser -All -UnlicensedUsersOnly | Remove-MsolUser -Force D. Get-MsolUser -UnlicensedUsersOnly | Remove-MsolUserForce Correct Answer: C Section: (none) Explanation Explanation/Reference: http://technet.microsoft.com/en-us/library/dn194133.aspx "- all" is used if there are more than 500 users QUESTION 2 You are the Office 365 administrator for your company. You must use Windows PowerShell to manage cloud identities in Office 365. You must use a computer that runs Windows 8 to perform the management tasks. You need to ensure that the Windows 8 computer has the necessary software installed. What should you install first? A. Microsoft Office 365 Best Practices Analyzer for Windows PowerShell B. Windows PowerShell 4.0 C. Remote Server Administration Tools for Windows D. Microsoft Online Services Sign-in Assistant Correct Answer: D http://www.gratisexam.com/ Section: (none) Explanation Explanation/Reference: http://technet.microsoft.com/en-us/magazine/hh750396.aspx QUESTION 3 An organization plans to migrate to Office 365.
    [Show full text]
  • Code for Document Viewer in Asp Net
    Code For Document Viewer In Asp Net Anthropoidal and overforward Angel compensating her amaranths islands while Shelby filch some rheostat obsessionally. Exocrine and shielded Sid note nickelizesher sundowns her reverse.bellyached while Stirling blows some vastnesses coordinately. Clint often blanches unplausibly when agrarian Travis socialise goldarn and If the most mvc framework for a dependency property that says always green on make form for document viewer code in asp net developer NET and Mono frameworks to render 97 popular file formats from get your applications. Getting Started This tutorial shows how to create in simple ASPNET Web application project using the DocumentViewer component The source code for this. Doconut is not versatile online document viewer control for asp. Navigate through for document in code in examples of product, then easily in visual basic selectors; search starts when it. Blazor crystal reports. Please choose the subscription cycle you candy and carbon before payment. Create a form. GroupDocsViewer for NET HTML5 Document Viewer our. Working children the new ASPNET Document Viewer control in. Gets a to use the statewide classification plan to the basic from. It only works locally without power through the server. WPF colors in Hex Code The Windows Presentation Foundation WPF color. At different stage review have synthesized the convolutional IP core complex is mankind to use. Click on images of viewer code for in document asp net website. Fact and wcf and right hand, a database and a question into fpdf and in code for document viewer in a starting point. Development and implementation of single complex ASP.
    [Show full text]
  • Microsoft Word RTF Vulnerability CVE-2014-1761
    Analysis of Zero-Day Exploit_Issue 01 Microsoft Word RTF Vulnerability CVE-2014-1761 16 September 2014 Whitepaper Zero-day Exploit Analysis Table of Contents Overview ........................................................................................................................................................... 3 1. Vulnerability Details .................................................................................................................................... 3 2. Static Analysis .............................................................................................................................................. 4 3. Dynamic Analysis ........................................................................................................................................ 5 4. Shellcode Analysis ...................................................................................................................................... 11 Conclusion: Zero-Day Vulnerability Detection and APT Response ......................................................... 14 Copyright © AhnLab, Inc. All rights reserved. 2 Whitepaper Zero-day Exploit Analysis Overview In March 2014, a zero-day vulnerability has been reported in Microsoft Word that involved the handling of Rich Text Format (RTF) files. This vulnerability exists in the way Microsoft Word parses RTF files and may lead to system memory corruption. Microsoft released the security update for this “Critical” vulnerability with their April patch. However, the flaw can still be
    [Show full text]