Microsoft normally waits until the second Tuesday of each month, otherwise known as "Patch Tuesday", to release security updates for its software products. Today, Microsoft has issued an out-of-schedule security advisory for an exploit that affects all current and older supported versions of its Word program.
In a post on their security response blog, Microsoft says that the issue was found after a "limited" number of attacks against Word 2010 had been reported. The post added:
An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer.
The company has already released a manual "Fix-it" patch that should close the Word exploit; downloading and installing the patch will not require a reboot of the PC. Microsoft says that installing the Enhanced Mitigation Experience Toolkit (EMET) will also help defend a PC against this software hole. In addition to all Windows and Mac versions of Word, the patch will also fix the same issue in Word Viewer and Word Automation Services on Microsoft SharePoint Server.
It is likely that Microsoft will issue an update for the Word vulnerability with the next "Patch Tuesday" on April 8th, so if you forget to download the patch, Microsoft will install it for you.
Source: Microsoft