Dangerous .RTF Zero day flaw in ten year span of code for Word

[Gary]

Microsoft has warned its Word software is vulnerable to a newly discovered dangerous bug – which is being exploited right now in "limited, targeted attacks" in the wild. There is no patch available at this time.

Microsoft Word 2003, 2007, 2010, 2013, and Office for Mac 2011 are vulnerable, according to Redmond. Microsoft Office Web Apps, Automation Services on SharePoint Server 2010 and 20103, and Outlook 2007, 2010 and 2013 when using Word as the email viewer, are also affected.

There is an enhanced mitigation tooklit available here http://technet.microsoft.com/en-US/security/jj653751

Article here http://www.theregister.co.uk/2014/03/24/microsoft_rtf_vuln/

[Technical Ben]

Oh well, will move over to libre then. 

[Gary]

Sadly many people including students can't easily rid themselves of such bad code due to the necessity of having to use Word in certain work and learning environments...

[Lance]

It's amazing that an exploit which has presumably been around since Word 2003 was released has only recently become an issue.

[Gary]

It's amazing that an exploit which has presumably been around since Word 2003 was released has only recently become an issue.

Maybe one of the new versions made the .RTF flaw more apparent, or easily accessible and they just reverse engineered it, which does show how little some MS code has changed in a decade... 

[colirv]

I wonder how common .rtf files are. I've never found occasion to use one, or come across one for that matter.

[nowster]

They're often used when trying to avoid the possibility of Word macro viruses, eg. http://www.bbc.co.uk/programmes/b00kvs8r/features/submission-rules

[Clive]

Some of us are still smugly using Word 2000.   

[Gary]

Some of us are still smugly using Word 2000.   

Or you have even more security issues but it just doesn't get patched anymore