Ancient Microsoft Word malware threat returns from the grave

Patch includes fix for RTF files vulnerable to same Word Macros that ruined .DOCs in the '90s

The big news from Microsoft's weekly security and stability patch was that it finally plugged the hole in its version of TrueType Font used by some versions of the highly adaptable Duqu malware, which may be a next-generation, espionage-oriented version of the cyberwar Trojan Stuxnet.

Microsoft actually patched the Duqu vulnerability months ago in a series of patches and updates, according to PCWorld.

This patch replaces several earlier fixes with a single, overarching set of patches. That makes things more convenient for those whose machines are still vulnerable. It makes things more difficult for those who installed the previous series of patches on banks of end-user machines, who must now fix the same flaw yet again, while making sure the new patches don't create conflicts with the old that might make Windows itself unstable.

One minor surprise in that fix: It's not just machines running Microsoft Office that are at risk; those running Silverlight or .NET are vulnerable as well.

The less-obvious but far more interesting news was that Microsoft patched a hole making Windows vulnerable to a whole class of exploit Microsoft supposedly shut the door on years ago.

During the mid- to late-'90s, one of the most successful ways to infect a Windows machine was to write a virus disguised as a Word macro, or one buried as a self-launching stealth macro in .DOC files for Microsoft Word.

The problem was so common and filters so unreliable that many companies shifted from Word's standard .DOC format to Rich Text Format (RTF), which displayed most of the text formatting from Word documents but wouldn't run macro files.

Now Microsoft is warning of a vulnerability in Microsoft Office that would launch a malware payload when users open RTF documents widely supposed to be safe.

The flaw, reported by one of Microsoft's network of bug catchers, would give attackers who poisoned an RTF file in the right way the same access rights as the user who launched it. That would give hackers a back door or remote control over even the PCs of users who believed they were being careful by not opening image or executable files from strangers.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
