Microsoft has announced a vulnerability in Word 2010. For those of you who aren’t intimately familiar with Microsoft Office products, Microsoft Word is the default reader for Outlook 2007, Outlook 2010 and Outlook 2013.
If you’re using Microsoft Outlook as your email program, this could affect you.
Why would a company dedicated to website security make you aware of this?
This particular vulnerability exposes your local computer to remote code execution. If a hacker sends you a carefully crafted email message in RTF format, just previewing the message in Outlook, with Word 2010 as your default reader, would allow remote code to be executed on your computer, which means your computer could be infected.
We want to bring this to your attention so that you update all your software. If your local computer gets infected, the hackers could steal the login credentials for your hosting account and your CMS (WordPress, Joomla, etc.), log in to your account and infect your website.
We are concerned with your website security, but along with this comes being concerned about your local computer security as well.
We’ve stated this before, but it becomes clear in Microsoft’s announcement that the attacker, if successful, will have the same rights as the currently logged-in user. If you log in to your local computer as administrator, guess what? The hacker will have the same rights: administrator.
An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
It’s advised that you create a separate “user” account on your computer. This user does not have the ability to install programs. If you want to install a new program on your computer, you log out as this user, log in as administrator, install the software, then log out as administrator, log in as the user and proceed with your normal activity.
Yes, this is not the most convenient way; however, neither is having your computer compromised.
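One way to check this on your own machine, as an added example that is not part of the original post: this PowerShell script reports whether the account you are logged in with is running elevated or is a direct member of the local Administrators group. The variable names are this example's own.

```powershell
# Added example: audit whether the account used for daily work (email,
# browsing) holds local administrator rights.

# Well-known SID of the built-in Administrators group. Resolving the group
# name from the SID keeps the script working on non-English Windows.
$adminSid   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$adminGroup = $adminSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal $identity

# True only when this session already holds a full administrator token.
# With UAC enabled, an administrator's normal session reports False here,
# which is why group membership is checked separately below.
$elevated = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

# SIDs of the direct members of the local Administrators group, read through
# the WinNT ADSI provider. Membership gained through a nested domain group
# is not expanded by this check.
$group      = [ADSI]"WinNT://$env:COMPUTERNAME/$adminGroup,group"
$memberSids = @($group.psbase.Invoke('Members') | ForEach-Object {
    $bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
    (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
})

# Compare by SID rather than by name so a local and a domain account that
# share a user name are not confused.
$isMember = $memberSids -contains $identity.User.Value

"Account               : $($identity.Name)"
"Elevated session      : $elevated"
"Member of $adminGroup : $isMember"

if ($elevated -or $isMember) {
    Write-Warning 'This account has administrator rights. Use a standard account for email and browsing.'
} else {
    'This account is a standard user.'
}
```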
Always keep your local computer software updated. This helps us keep your website security at the highest level.
Please post a comment if you find this helpful. Tweet this to your friends and family.