Wednesday, November 6, 2013

Don't open Microsoft Office documents sent to you via email

Certainly not from people you don't know, and it's probably a good thing to reply to senders you do know asking if they actually sent the original email.  There's a new security bug that is being exploited in the wild where attackers send a word document containing the attack:
Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not affected by this issue. The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment.  If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document.  An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.
If you follow the link to Microsoft's announcement they have links to tools that will make you safe until they come out with a patch to fix it.

3 comments:

Ratus said...

When has it ever been safe to open an emailed Office document?

R.K. Brumbelow said...

Reminds me of the (very dated) joke: If you run I.B.M. Antivirus on a Windows 95 machine and select repair all does it uninstall '95 and replace it with OS/2?

So unless the link they provide is to LibreOffice I am not interested.

Heroditus Huxley said...

I never do open docs from people I don't know, or docs that I don't expect.

That said, I do open a lot of Word docs. I teach college composition, and get a lot of papers turned in by email.

Hopefully that won't be a problem...