Security Alert: New Targeted Microsoft Word Zero Day

March 24, 2014

Microsoft has recently become aware of a potentially dangerous exploit in Microsoft Office that is triggered by an RTF (Rich Text File) opened in Microsoft Word, or viewed in Microsoft Outlook with Microsoft Word configured as the primary document viewer (KB2953095/CVE-2014-1761). The exploit does not require user interaction, as viewing the file through the preview pane could still lead to an infection. Once the system is infected, the exploit allows the attacker to gain remote access to the targeted system with the same user rights as the user currently operating the machine.

While the primary vector of attack has targeted Microsoft Office Word 2010, researchers say that the vulnerability can affect Word 2003, 2007, 2013, Office 2013 RT, Office for Mac, Office Web Apps 2010 and 2013 and Word Viewer.

Following the recent discovery of this vulnerability, Microsoft has released the “Fix It Solution” recommended in its vulnerability release, which disables opening RTF content in Microsoft Word until a complete patch is available.

While information on this vulnerability is still coming to light, it is important that vulnerabilities such as this are communicated to personnel at all levels, along with the recommendation to view emails in “plain text only” until a full patch for the vulnerability can be released.

The danger of this exploit lies as much in the ease of attack as in the user privilege level the attacker inherits through remote access. Any unexpected email that contains an RTF should not be viewed, because preview mode in Outlook is still able to infect the targeted machine.

At this time, Microsoft has not released information concerning who is being targeted by this attack. FishNet Security recommends that all users of Microsoft Word take precautions at this time and ensure that the best practice of least privilege is followed.

Additional Information

Microsoft Security Tech Center | March 24, 2014

The Threat Post | By Michael Mimoso | March 24, 2014
