Microsoft’s latest Word security hole, KB 2953095, is part of an on-going embarrassment

Topic

New Reply

Has everybody forgotten that RTF – the sticking point in the latest zero-day, and dozens of zero-days before it – was invented and controlled by Micro
[See the full post at: Microsoft’s latest Word security hole, KB 2953095, is part of an on-going embarrassment]

Reply | Quote

Replies

I’m running Office 2013, & it updates as Click-to-Run. The most recent release is version 15.0.4569.1508, which relates to KB2937335 & is the March update. When I’m in Word 2013 & click File for the Backstage, then click Account, Office Updates says the version is 15.0.4454.1511. I don’t use RTF & haven’t for a long while, but should I leave things as is for now? I’m afraid if I disable & re-enable updates, KB2953095 will install & I don’t more headaches than I already have! Thanx & answer when work allows.

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

Woody,
I have over 300 .RTF files in a XP pc.

Lots of them are EULA.RTF files for various programs I have installed.

Some are files I made using WordPad.
Are the ones I made at risk because of this security hole – KB2953095?
What about those EULA files?

Thanks a lot for sharing these things with us.
MoreOff

Reply | Quote

Woody,

Does this vulnerability apply to my AOL.com e-mail?

Should I apply the MsFixit solution?

Thanks

Reply | Quote

@Linda –

AOL.com doesn’t use Word to render messages – so in that respect, you’re safe. But you need to be careful about opening RTF files with Word.

Reply | Quote

@MoreOff –

If you created the files, or you got them from legit sources, I wouldn’t worry.

The big problem comes from RTF files you open intentionally, or RTF messages previewed in Outlook. Easy solution is to switch to Gmail (or Outlook.com). That’s what I did more than a year ago, and it was the best email change I’ve ever made.

Reply | Quote

@Bill –

Click-to-Run versions of Word haven’t been updated yet. Chances are good they’ll be updated as soon as MS releases a “real” fix for Word. Bottom line: don’t sweat it.

Reply | Quote

@woody

“If you created the files, or you got them from legit sources, I wouldn’t worry.

The big problem comes from RTF files you open intentionally, or RTF messages previewed in Outlook. Easy solution is to switch to Gmail (or Outlook.com). That’s what I did more than a year ago, and it was the best email change I’ve ever made.”

Woody,
I use Thunderbird for Email from AT&T through Yahoo!.
TB is Set NOT to “Show Remote Content”.
I tried Outlook a long time ago for a week or two.
Many years later I started using TB for Email.

I don’t have any Gmail or Outlook.com Email Accounts.
I like using TB, should I expect any RTF problems the way I have it set up?

I have an old JUNO web mail account I check once in a while in case someone still that address for me in their Address Book.

Thanks for the help.

Reply | Quote

Since I already run Linux, I’m being extra vigilant to open my many RTF docs in the Linux partition. Problem solved.

Reply | Quote

@MoreOff –

Thunderbird’s fine, and you don’t need to do anything – as long as you don’t open any strange RTF files with Word.

Reply | Quote

@woody
“Thunderbird’s fine, and you don’t need to do anything – as long as you don’t open any strange RTF files with Word.”

Thanks Woody,
I use ApacheOpenOffice to read a .DOC file I get every month in a Email from someone I know.

I Save the .DOC and Scan it with Malwarebytes and SuperAntiSpyware before I open it in AOO.
I’nm too paranoid to open a .DOC in TB.

I Will watch out if I ever get a .RTF in a Email, Thanks!

Reply | Quote

Scanning .DOC files with AV/AM may work, but I’m not so sure for the RTF-Word bug. Not at this time, anyway.

Reply | Quote