Just previewing an Outlook email could infect your computer. Microsoft warns of zero-day flaw


RTFMicrosoft has warned computer users that malicious hackers are exploiting a previously unknown vulnerability in Microsoft Word, in order to infect computers with malware.

Worryingly, the zero-day attack means that users’ computers can be infected simply by *previewing* a specially crafted email message in Microsoft Outlook.

In other words, it’s not necessarily to actually open an malicious attachment or click on a dangerous link to put your computer in danger.

Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted [rich text format] RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

Although Microsoft states that the targeted attacks it has seen so far have been directed at users of its Word 2010 product, it’s clear that the remote code execution flaw also exists in Microsoft Word 2003, 2007, 2013, as well as Office for Mac 2011.

Microsoft Outlook 2007, 2010 and 2013 all use Word by default as the email reader.

Microsoft is hopefully beavering away on a proper patch, but in the meantime they recommend that users consider applying their temporary Fix it solution which disables the opening of RTF content in Microsoft Word, or switch to reading emails in plain text format.

For more information on how to configure Microsoft Outlook 2003, 2007, 2010 and 2013 to read emails in plain text format, check out the following Microsoft knowledgebase articles:

This isn’t, of course, the first time that malware has been able to infect computers just by emails being read (as opposed to links being clicked on, or attachments opened).

Readers with long memories may remember the BubbleBoy and Kakworm attacks, for instance. Kakworm became particularly widespread at the tail end of the 1990s, exploiting a security hole in Microsoft Outlook Express to spread its viral code around.

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

3 Responses

  1. Matt

    March 25, 2014 at 3:16 pm #

    Another notch in the coffin of a once great empire. Like Venice or Spain?

  2. Paul

    March 26, 2014 at 4:08 pm #

    Time to check out the free & feature-packed LibreOffice. Its truly multi-platform & takes just a few minutes to install.

    Try it you have so much to gain: www.libreoffice.org/download

    Feel Thunderbird is great too.

  3. Ken Harthun

    March 28, 2014 at 2:21 pm #

    I’ve been writing about security since 2004. In my “14 Golden Rules of Computer Security” series, started in 2005, Rule #6 recommended turning off preview in any email client: http://itknowledgeexchange.techtarget.com/security-corner/golden-rule-sharp-6-turn-off-message-preview-in-your-email-client/

    I’m surprised that it takes a zero-day vulnerability for Microsoft to notice and recommend the same thing.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.