We spent the last year advising people to patch their systems and applications and adopt good security practices, and to be wary of ransomware vectors like mail from unknown senders and drive-by malware drops. Then, from nowhere, the rug is pulled from under your feet.
On Monday (24 March 2014), Microsoft published Security Advisory 2953095 (http://technet.microsoft.com/en-us/security/advisory/2953095), which in its very dull way tells us that there is a bug in the bit of code that opens RTF documents in Word and Outlook (pretty much all versions) which enables an attacker to run code on your machine.
That’s right, someone can infect your machine by sending you an RTF document which you preview or open, right now. To make matters worse it appears that this attack has already been seen in the wild. Eeeek.
These sorts of attacks using ‘specially crafted RTF files’ have been seen a number of times in the past, and a number of security researchers have described the exploitation of RTF as having shadowy links to the Intelligence community. What a surprise.
Since we know that our very own governments appear hell-bent on reading our instant messages and knowing our browsing and, err, other habits (but can’t find a Boeing 777), this has to be a highly likely scenario.
Here’s what you can do to minimise the chances of this happening to you:
- Block RTF files at your email gateway
- Use Microsoft’s Fix It solution to stop Word being able to open RTF: https://support.microsoft.com/kb/2953095
- Use plain text in email
- If you are really scared and have a week or so to spare, consider running Word under the snappily named Microsoft Enhanced Mitigation Experience Toolkit (EMET) sandbox environment
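One way to implement the gateway block from the first item above, as an added example that is not part of the original post: a Python check that flags RTF by content as well as by name, because an RTF document saved with a .doc extension is still opened as RTF by Word. The function names, addresses and attachments are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"                      # every RTF document starts with this
RTF_TYPES = {"application/rtf", "text/rtf"}

def rtf_parts(raw: bytes):
    """Return (filename, reason) for each MIME part that looks like RTF."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(no filename)"
        payload = part.get_payload(decode=True) or b""
        # Ignore a UTF-8 BOM and leading whitespace before the magic check
        head = payload[:64].lstrip(b"\xef\xbb\xbf \t\r\n")
        if head.startswith(RTF_MAGIC):
            hits.append((name, "content starts with {\\rtf"))
        elif part.get_content_type() in RTF_TYPES:
            hits.append((name, "declared RTF content type"))
        elif name.lower().endswith(".rtf"):
            hits.append((name, "filename ends in .rtf"))
    return hits

def build_sample() -> bytes:
    """Constructed test message: RTF disguised as .doc, a .rtf file, a PDF."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"{\\rtf1\\ansi Hello}", maintype="application",
                       subtype="msword", filename="invoice.doc")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.rtf")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in rtf_parts(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```

A filter that only matches the .rtf extension would let `invoice.doc` in this sample through; the content check is what catches it.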
Please make sure you implement the patch when it becomes available, and make sure that your Word and Outlook are already patched for the previous RTF issues. We can assume that, can’t we…