Microsoft Word users, take note: The program is experiencing what the company calls “limited, targeted attacks,” which means some people are going to get smacked with malware unless they’re careful. The attack encourages users with Microsoft Word 2010 to open a file with an .rtf extension. The file is seemingly innocuous, but beware, it’s packed with a lot of malware.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” Microsoft explained.
Opening an .rtf file isn’t unusual for Word users, since that’s the default file format if you’re switching from Apple’s TextEdit. But Microsoft recommends blocking all .rtf files just to be on the safe side. There’s another route the attack can take: If you preview an .rtf email message in Microsoft Outlook while using Microsoft Word as your document viewer, you could become vulnerable. Switching your document viewer is another security precaution worth taking.
Now, the attacks aren’t happening at random. When Microsoft refers to targeted attacks with a limited audience, it means that the hack is aimed at a small group that might be a specific company or organization. But we don’t know which group or organization it is, or whether the attackers will widen their circle of victims in the future.
Even though Microsoft emphasized that the attack is not widespread or random, to protect worried customers it offered a one-click “fix-it” on its blog yesterday. So if you want to make sure your computer isn’t getting a nasty malware infection, you don’t need a lot of technical know-how to set up a safeguard.
The most recent high-profile hacks Microsoft has grappled with involve the Syrian Electronic Army, though those attacks were not targeted at users.