Print this page
Thursday, 10 May 2012 12:17

Rich Text Format Flaw Leaves OSX and Windows Vulnerable If Running MS Office

Written by

Reading time is around minutes.

News_light-virus-1In the IT world there was a time when we all feared the Marco viruses that could be embedded into Word, Excel and other Microsoft Office Products. It was bad enough at one point that I found a single system with over 3,200 counts of an Excel Macro virus (it replicated itself quite nicely). Back then it was common for IT to recommend the use of RTF (Rich Text Format) instead of .DOC for documents and there was even an option inside exchange to force the use of this format even if the end user has Word as their email editor.

Now it seems that even the RTF formatting is not safe. Back in November of 2010 a stack overflow flaw was found that could allow someone to use a corrupted .rtf document to gain control over a system and execute the code they wanted (most commonly to inject malware on the system). Now there is another one that has been leveraged against Microsoft Office (and Word in particular) that uses the .RTF format to achieve its goal. This time the flaw takes advantage of Word  (and Outlook if you are using Word as your email editor) on both Windows and Apple PCs.

The flaw affected unpatched versions of Office 2010, as well as Office 2003 and 2007 with the compatibility packs. According to Microsoft Security Bulletin MS12-029 released on May 8th this is a critical issue:

“This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Now we have told you that updates and patches are the bane of any organization and many users still do not like to update because of the time it take and the fear that one “fix” might break something else. On Windows it has become the default to force updates during shutdown, but that does not always cover all applications since you have to manually tell Windows you want to include them. OSX users are in an even worse boat as the updater in OSX cannot be configured to update Microsoft Products. To make sure you have the latest patches you have to use the Microsoft Office Updater utility or download them directly from Microsoft.

To see if you have already patched this (the patch should have come out on the 8th as well) you can look for patches shown in the screen shot below. This new vulnerability although through a Microsoft product still highlights the relatively unprotected world that Apple systems live in. In the Windows world there are still dozens or malware detection and prevention applications that can detect these files before they are opened. In Apple’s world the pickings are much smaller.
MS-RTF_KBs
Discuss this in our Forum

Read 2798 times Last modified on Thursday, 10 May 2012 12:27
Sean Kalinich

Latest from Sean Kalinich

Related items