  • Microsoft’s latest Word security hole, KB 2953095, is part of an on-going embarrassment

    Posted on March 25th, 2014 at 21:46 by woody

    Has everybody forgotten that RTF – the sticking point in the latest zero-day, and dozens of zero-days before it – was invented and controlled by Microsoft?

    InfoWorld Tech Watch.


    This topic contains 11 replies, has 3 voices, and was last updated by WildBill 2 years, 1 month ago.

    • #53247 Reply

      WildBill
      AskWoody Plus

      I’m running Office 2013, & it updates as Click-to-Run. The most recent release is version 15.0.4569.1508, which relates to KB2937335 & is the March update. When I’m in Word 2013 & click File for the Backstage, then click Account, Office Updates says the version is 15.0.4454.1511. I don’t use RTF & haven’t for a long while, but should I leave things as is for now? I’m afraid if I disable & re-enable updates, KB2953095 will install & I don’t need more headaches than I already have! Thanx & answer when work allows.

      Windows 8.1, 64-bit, now in Group B!
      Wild Bill Rides Again...

    • #53248 Reply

      MoreOff

      Woody,
      I have over 300 .RTF files on an XP PC.

      Lots of them are EULA.RTF files for various programs I have installed.

      Some are files I made using WordPad.
      Are the ones I made at risk because of this security hole – KB2953095?
      What about those EULA files?

      Thanks a lot for sharing these things with us.
      MoreOff

    • #53249 Reply

      Linda

      Woody,

      Does this vulnerability apply to my AOL.com e-mail?

      Should I apply the MsFixit solution?

      Thanks

    • #53250 Reply

      woody
      Da Boss

      @Linda –

      AOL.com doesn’t use Word to render messages – so in that respect, you’re safe. But you need to be careful about opening RTF files with Word.

    • #53251 Reply

      woody
      Da Boss

      @MoreOff –

      If you created the files, or you got them from legit sources, I wouldn’t worry.

      The big problem comes from RTF files you open intentionally, or RTF messages previewed in Outlook. Easy solution is to switch to Gmail (or Outlook.com). That’s what I did more than a year ago, and it was the best email change I’ve ever made.

    • #53252 Reply

      woody
      Da Boss

      @Bill –

      Click-to-Run versions of Word haven’t been updated yet. Chances are good they’ll be updated as soon as MS releases a “real” fix for Word. Bottom line: don’t sweat it.

    • #53253 Reply

      MoreOff

      @woody

      “If you created the files, or you got them from legit sources, I wouldn’t worry.

      The big problem comes from RTF files you open intentionally, or RTF messages previewed in Outlook. Easy solution is to switch to Gmail (or Outlook.com). That’s what I did more than a year ago, and it was the best email change I’ve ever made.”

      Woody,
      I use Thunderbird for Email from AT&T through Yahoo!.
      TB is Set NOT to “Show Remote Content”.
      I tried Outlook a long time ago for a week or two.
      Many years later I started using TB for Email.

      I don’t have any Gmail or Outlook.com Email Accounts.
      I like using TB, should I expect any RTF problems the way I have it set up?

      I have an old JUNO web mail account I check once in a while in case someone still has that address for me in their Address Book.

      Thanks for the help.

    • #53254 Reply

      rc primak

      Since I already run Linux, I’m being extra vigilant to open my many RTF docs in the Linux partition. Problem solved.

    • #53255 Reply

      woody
      Da Boss

      @MoreOff –

      Thunderbird’s fine, and you don’t need to do anything – as long as you don’t open any strange RTF files with Word.

    • #53256 Reply

      MoreOff

      @woody
      “Thunderbird’s fine, and you don’t need to do anything – as long as you don’t open any strange RTF files with Word.”

      Thanks Woody,
      I use ApacheOpenOffice to read a .DOC file I get every month in an Email from someone I know.

      I Save the .DOC and Scan it with Malwarebytes and SuperAntiSpyware before I open it in AOO.
      I’m too paranoid to open a .DOC in TB.

      I Will watch out if I ever get a .RTF in an Email, Thanks!

    • #53257 Reply

      rc primak

      Scanning .DOC files with AV/AM may work, but I’m not so sure for the RTF-Word bug. Not at this time, anyway.
