Following the news that a new zero-day vulnerability that affects all supported versions of Microsoft Word has been uncovered and is already being used to launched attacks, Paul Farrington,  Manager, EMEA Solution Architects at Veracode commented below.

Paul Farrington,  Manager, EMEA Solution Architects at Veracode:

Paul Farrington “Clearly the fact that the RTF file is able download the malicious HTML that enables local execution of malware points a lack of control in interpreting untrusted input from the outside world. The Microsoft engineers will not only need to devise a patch for this vulnerability, but also to remodel their threat assessment of this type of file interaction. They will need to make the opening of untrusted Word documents a viable option once again, else a major benefit of this word processing software would be seriously weakened, i.e. the portability of the document. For now, the advice to only open trusted documents, is both pragmatic and necessary until patches for this zero-day become generally available.”

Subscribe
Notify of
guest

0 Expert Comments
Inline Feedbacks
View all comments
Information Security Buzz
0
Would love your thoughts, please comment.x
()
x