Word Users Are Under Attack and Microsoft Ignores It
I was reading BI and one title caught my eye:
Microsoft Word Is Under A Hack Attack: Do Not Open Documents Named '.RTF'
BI continues to write:
"This is the very worst kind of attack. A hacker that manages to get people to open the booby-trapped file can gain control of your computer."
Now, you would think Microsoft would help its users by notifying or warning them. This is what the Microsoft blog writes on the same topic:
Security Advisory 2953095: recommendation to stay protected and for detections
Now, if I read Microsoft’s blog, I would totally ignore it.
This is what the Microsoft website reads:
Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution, "Disable opening RTF content in Microsoft Word," prevents the exploitation of this issue through Microsoft Word. See the Suggested Actions section of this advisory for more information.
The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.
All I am trying to figure out is, what is wrong with this picture? Either Microsoft thinks it is not a big deal, or it is more worried about its brand than the consumers.
I think Microsoft should be more aggressive and honest with consumers.
What do you think?