Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft: Office Vulnerability Under Attack, Prioritize Patch

Microsoft is urging businesses to prioritize a patch for Microsoft Office in order to thwart a spate of ongoing, targeted attacks that have appeared in the wild.

Microsoft is urging businesses to prioritize a patch for Microsoft Office in order to thwart a spate of ongoing, targeted attacks that have appeared in the wild.

The vulnerability is covered in bulletin MS13-051, and can be exploited by an attacker to remotely execute code if a user opens a specially-crafted Office document using a vulnerable version of Microsoft Office software, or previews or opens a malicious email in Outlook while using Microsoft Word as the email reader.

According to Microsoft, there have been limited, targeted attacks attempting to exploit the issue, which is rated ‘Important’ for Microsoft Office 2003 and Office for Mac 2011.

“It’s disappointing to see that Mac users of Microsoft software get the short end of the stick when it comes to security,” said Tyler Reguly, technical manager of security research at Tripwire. “You have to wonder how a vulnerability that only affects Office 2003 is also in Office for Mac 2011. As a Mac user, I find this advisory very disconcerting.”

The patch for the vulnerability is tucked within a number of other updates in this month’s Patch Tuesday. All totaled, 23 vulnerabilities across Internet Explorer, Windows and Office were fixed. Nineteen of the vulnerabilities are in the critical update for Internet Explorer.

“Four out of these 19 vulnerabilities (CVE-2013-3112,CVE-2013-3113CVE-2013-3121, and CVE-2013-3142) affect every supported version of Internet Explorer, so attackers will be targeting these vulnerabilities prior to attempting to exploit any of the others,” said BeyondTrust CTO Marc Maiffret. “Also, while the script debugging vulnerability grants remote code execution, it will not be a target for attackers, since it requires far more user interaction than a simple drive-by exploit would require.”

Default Internet Explorer configurations are not vulnerable since script debugging must be enabled, he said.

“Attackers will not want to rely on users to correctly start debugging scripts on a web page, so they will be focused on one or more of the memory corruption vulnerabilities,” he explained. 

Dustin Childs, group manager of response communications for Microsoft Trustworthy Computing, blogged that the company has not yet detected any attacks utilizing the IE vulnerabilities.

“For those who need to prioritize deployment, we recommend focusing on MS13-047 and MS13-051 first. As always, customers should deploy all security updates as soon as possible,” Childs noted. 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code.