A warning about this month’s security patches

Topic

New Reply

If you can’t avoid Word’s “Enable Editing” button, you’re better off installing this month’s .NET patches right now. If you’re running Win10, yes, tha
[See the full post at: A warning about this month’s security patches]

Reply | Quote

Replies

Would changing the Mime type (file association) for RTF documents from Word to Wordpad help, or is this an issue for any word processor in Windows 10?

Reply | Quote

If I have Windows 7 x64 and .Net Framework 4.6.1, should I go for security-only or the monthly because when I tried to download KB4041090 none of the links provided update for 4.6.1.

Reply | Quote

Never mind I got it.

Reply | Quote

Might another work-around be to open Word documents in a program other than MS Office, such as Libre Office (thus forestalling the need to install the .NET update)?

Reply | Quote

Wordpad is indeed a safe alternative for opening RTF files, the vulnerability does NOT exist.

Reply | Quote

That’s quite correct, Ed. The trick is that it’s a two-step process: Download first, then start WordPad and open from there.

Reply | Quote

JohnF76, that approach will work with RTF files, but it’s possible to change an RTF filename to .DOC and still have it work.

Reply | Quote

Wait… what? You’ve got me a bit confused here Woody.

Are you saying that if I change the default program to open RTF files from Word to Worpad I will still be vulnerable if I double click on an RTF file to open it?

Reply | Quote

Ensuring the .rtf file association is to Wordpad and NOT Word is a temporary fix until MS_DEFCON 3 is reached.

Windows - commercial by definition and now function...

Reply | Quote

Sorry, I should’ve been more clear. You can create an RTF file then change the filename so it ends in DOC. Word will open the file properly.

Thus changing the file association for “RTF” may not work in all cases.

I haven’t seen any of this in the wild of course. As far as I know, the only booby trapped RTF file is the Russian-language one described in the article.

(UPDATE: I may have this backward. You can rename a DOC file with an RTF filename extension and it’ll open properly in Word. I’m not sure if the reverse is true.)

(Another update: Looks like I got it right in the first place. See this description of a booby trapped RTF file that was renamed DOCX: http://blog.malwaretracker.com/2014/05/cryptam-document-analysis-openxml.html)

Reply | Quote

CVE-2017-8759 can also be exploited via PowerPoint and Excel.

2 users thanked author for this post.

Elly, Bob99

Reply | Quote

I’m leaning towards installing the .NET patch since other people use my computer who may press the “Enable Editing” button.

Interestingly, when I went to look at the article for KB 4040960 at

https://support.microsoft.com/en-au/help/4040960/description-of-the-security-only-update-for-the-net-framework-4-5-2-fo

and clicked on the link to the Microsoft Update Catalog, the updates offered appear to be a different number: KB 4041090

Any advice / comments? Thanks.

 

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

Reply | Quote