On Monday morning, representatives from Microsoft announced they had discovered a new zero-day exploit in the wild, one which exclusively preys on their primary publication program, Microsoft Word.
Microsoft Word has become a prime target for hackers and pentesters over the past few years, as engineers behind the project struggle to match the security of the platform to its rapidly expanding series of features that either directly sync with online services, or export documents to websites like Google and Dropbox for offline storage and processing.
Although all versions of Word are currently at risk of exploitation through the hole, most of the focus appears to have fallen on Microsoft Word 2010, which carries flaws that more recent updates had already ironed out as part of their development process.
The attack vector was first discovered by three security researchers at Google, oddly enough, and for the time being Microsoft has issued a temporary fix through Knowledge Base that disables support for the .RTF format in Word and all its associated applications.
The Redmond, WA tech titan has also expressed concern that Outlook could be tricked into opening an infected .RTF file and fall victim to the same issues that users of Word might experience if they aren’t careful about the attachments they view inside the Office ecosystem.
As of the bulletin, other services affected by the hole include Word Viewer, Word Automation Services, and Microsoft SharePoint Server.
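
For mail administrators weighing the RTF attachment concern above, a filter that looks only at the file extension can miss an RTF document that carries another name such as .doc. The following is an added example, not code from Microsoft or the original article: it checks each attachment's leading bytes for the RTF signature, and the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"  # every RTF document starts with this signature
RTF_TYPES = ("application/rtf", "text/rtf")


def is_rtf(data):
    """True if the bytes look like RTF, tolerating a UTF-8 BOM and leading whitespace."""
    if data.startswith(b"\xef\xbb\xbf"):
        data = data[3:]
    return data[:64].lstrip().startswith(RTF_MAGIC)


def rtf_attachments(raw):
    """Return (filename, declared content type) for each part that is RTF
    by content or by declared type, regardless of its extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers have no payload of their own
        payload = part.get_payload(decode=True) or b""
        declared = part.get_content_type()
        if is_rtf(payload) or declared in RTF_TYPES:
            hits.append((part.get_filename() or "(inline)", declared))
    return hits


def build_sample():
    """Constructed test message: RTF content named .doc, plus a non-RTF file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"{\\rtf1\\ansi Hello}", maintype="application",
                       subtype="msword", filename="invoice.doc")
    msg.add_attachment(b"PK\x03\x04 not rtf", maintype="application",
                       subtype="octet-stream", filename="notes.docx")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ctype in rtf_attachments(build_sample()):
        print(f"RTF content in attachment {name!r} (declared {ctype})")
```
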