Microsoft has issued a critical patch for a vulnerability affecting Microsoft Office and WordPad. The vulnerability allows Rich Text Format (RTF) documents to run scripts when opened. Malicious email campaigns using this vulnerability to install the Dridex banking trojan and other malware have been reported.
- Apply the relevant Microsoft patches as soon as possible to all Windows machines.
- Do not open attached documents from unknown sources.
- It has been reported that having Protected View enabled in MS Office prevents the exploits from working, however there are known bypasses; Protected View should not be relied upon as adequate mitigation.
- The vulnerability does not affect Microsoft Office on Mac OS X.