With our free press under threat and federal funding for public media gone, your support matters more than ever. Help keep the LAist newsroom strong, become a monthly member or increase your support today .
Microsoft warns that emails with RTF files attached can let hackers take over your computer
An image showing the structure of the malicious RTF files.
(
Microsoft
)
Code from malicious RTF documents that looks for the code to execute and take over users' computers.
(
Microsoft
)
Microsoft released an emergency security alert noting a vulnerability in Microsoft Word that would allow hackers to take over users' computers. Their way in: RTF files, a widely used word-processing format. It can even affect users when the files are seen in preview mode, such as through Microsoft Outlook.
According to Microsoft's Monday advisory, the attacks using this exploit are targeting users of Microsoft Word 2010, but the vulnerability exists in other versions of Word. The attacks also affect Outlook users who have Word set as their email viewer, which is the default in Outlook 2007, 2010 and 2013.
The way it works is that specially formatted RTF files have code in them that corrupts your computer's system memory, then allowing the hackers to execute their own code.
Hackers can exploit this vulnerability either through email or a Web-based attack, according to Microsoft. In the Web-based scenario, a site could contain one of the specially formatted RTF files.
Support for LAist comes from
As Microsoft notes, "compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability." It notes that while users wouldn't be forced to go to the site, they could be taken to the site through a link in an email or instant message.
Microsoft advises disabling the opening of RTF files in Microsoft Word to avoid these attacks. Other suggested workarounds included making Word open RTF files in Protected View, reading emails in plain text and using Microsoft Office File Block to prevent the opening of RTF files in Word 2003, 2007, 2010 and 2013.
Microsoft says that they are still investigation the vulnerability and may release a security update either as part of their monthly security updates, or release a special update outside of the monthly release. They also reminded customers to follow their general guidance of using a firewall, applying all software updates and using antimalware software.
While the attacks Microsoft says it is currently aware of targets Microsoft Word 2010, the alert also warns that affected software includes Microsoft Word 2007, 2010, 2013, Office for Mac 2011 and several other pieces of software. You can read the full list on Microsoft's website.
An automated "Fix It" tool is also being offered by Microsoft.
You can read a more technical explanation from Microsoft's Security Research and Defense Blog, including advice for business enterprise networks.
At LAist, we believe in journalism without censorship and the right of a free press to speak truth to those in power. Our hard-hitting watchdog reporting on local government, climate, and the ongoing housing and homelessness crisis is trustworthy, independent and freely accessible to everyone thanks to the support of readers like you.
But the game has changed: Congress voted to eliminate funding for public media across the country. Here at LAist that means a loss of $1.7 million in our budget every year. We want to assure you that despite growing threats to free press and free speech, LAist will remain a voice you know and trust. Speaking frankly, the amount of reader support we receive will help determine how strong of a newsroom we are going forward to cover the important news in our community.
We’re asking you to stand up for independent reporting that will not be silenced. With more individuals like you supporting this public service, we can continue to provide essential coverage for Southern Californians that you can’t find anywhere else. Become a monthly member today to help sustain this mission.
Thank you for your generous support and belief in the value of independent news.
Chip in now to fund your local journalism
(
LAist
)
Trending on LAist
-
Immigration raids have caused some U.S. citizens to carry their passports to the store, to school or to work. But what documents to have on you depends on your citizenship. -
The historic properties have been sitting vacant for decades and were put on the market as-is, with prices ranging from $750,000 to $1.75 million. -
Users of the century old Long Beach wooden boardwalk give these suggestions to safely enjoy it. -
The Newport Beach City Council approved a new artificial surf park that will replace part of an aging golf course. -
The utility, whose equipment is believed to have sparked the Eaton Fire, says payouts could come as quickly as four months after people submit a claim. But accepting the money means you'll have to forego any lawsuits. -
The City Council will vote Tuesday on a proposal to study raising the pay for construction workers on apartments with at least 10 units and up to 85 feet high.
Best of LAist