Researcher Offers Unofficial Fix For Word Bug - InformationWeek


03:28 PM

Researcher Offers Unofficial Fix For Word Bug

The unsanctioned script modifies the Windows registry so that Word runs in a restricted mode, making it immune to the current crop of exploits.

Microsoft on Monday posted a security advisory detailing the Word zero-day vulnerability and offered several workarounds for companies and consumers to deflect attacks.

In the meantime, a security researcher has released an unsanctioned script that modifies the Windows registry so that Word runs in a restricted mode, and so is immune to the current crop of exploits.

The release of the security advisory -- titled "Vulnerability in Word Could Allow Remote Code Execution" -- is typical of Microsoft when it considers a bug significant. The stop-gap workarounds included in advisories are designed to help users defend systems from attack until the Redmond, Wash.-based developer offers an official patch.

Microsoft's security team has already promised to put a patch in place no later than the next-scheduled update, June 13.

Some users don't want to wait that long. Matthew Murray, a security researcher who last made news when he publicly complained about Microsoft's lack of interest in an unpatched IE bug he'd discovered, has posted a script that modifies the registry.

"By using the 'Basic User' SRP [Software Restriction Policies], users can launch Microsoft Word without the ability to write to certain registry and file system locations that the in-the-wild malware requires access to," wrote Murray on his SecuriTeam blog.

The exploits currently attacking a limited number of targets require that Word be running under an administrator account; unfortunately, many Windows users, including most of those outside large corporations, run Word that way.

"The effectiveness of this registry fix is entirely based on known characteristics of the payload, rather than the exploit itself. As such, it is possible that future variants of the in-the-wild exploits (which target the same underlying vulnerability) will eliminate the dependence on administrative privileges and thus, reduce the effectiveness of this workaround," Murray added as a disclaimer.
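An added example, not Murray's script and not code from the article: a Python check that reads a `.reg` export and reports which Software Restriction Policies level applies to a given executable, so an administrator can confirm that a "Basic User" rule for Word is actually in place. It assumes the standard SRP policy layout (`Safer\CodeIdentifiers\<level>\Paths\{GUID}` with an `ItemData` path value); the sample export, its GUIDs and the Office path are constructed.

```python
import re

# SRP security levels; the registry uses the decimal level ID as a key name.
LEVELS = {0: "Disallowed", 0x1000: "Untrusted", 0x10000: "Constrained",
          0x20000: "Basic User", 0x40000: "Unrestricted"}

# Matches a path-rule key: ...\CodeIdentifiers\<level>\Paths\{GUID}
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Safer"
    r"\\CodeIdentifiers\\(\d+)\\Paths\\(\{[0-9A-Fa-f-]+\})\]$", re.I)
ITEM_RE = re.compile(r'^"ItemData"="(.*)"$', re.I)

# Constructed sample export (GUIDs and paths are illustrative, not from the article).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths\{00000000-0000-0000-0000-000000000001}]
"Description"="constructed sample rule"
"ItemData"="C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"
"SaferFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{00000000-0000-0000-0000-000000000002}]
"ItemData"="C:\\Windows\\notepad.exe"
'''

def srp_path_rules(reg_text):
    """Return [(level_name, path)] for every SRP path rule in a .reg export."""
    rules, level = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            level = int(m.group(1)) if m else None  # None: not a path-rule key
        elif level is not None and (m := ITEM_RE.match(line)):
            path = re.sub(r"\\(.)", r"\1", m.group(1))  # undo .reg escaping
            rules.append((LEVELS.get(level, hex(level)), path))
    return rules

def levels_for(reg_text, exe_name):
    """Levels of all path rules whose target file name equals exe_name."""
    return [lvl for lvl, path in srp_path_rules(reg_text)
            if path.split("\\")[-1].lower() == exe_name.lower()]

if __name__ == "__main__":
    print(levels_for(SAMPLE_REG, "WINWORD.EXE"))
```

An empty result for `WINWORD.EXE` means no path rule covers Word in the export, so it would run at the policy's default level.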

His registry script -- which can be downloaded from here -- takes a tack similar, but not identical, to the workarounds outlined in Microsoft's advisory, a company spokesman said Tuesday.

In the advisory, Microsoft included instructions on launching Word in "Safe Mode," a restricted version of the word processor that prevents vulnerable code from running but also drops some program features, including AutoCorrect and custom toolbars. (For a full list of Safe Mode's limitations, see this page on the Office Web site.)

Microsoft's enterprise workaround, which relies on group policy settings, also blocks a possible attack vector via the Outlook e-mail client, a tactic Murray's script doesn't address.

As it has in the past, Microsoft urged users to steer clear of Murray's fix, or any other unofficial patch.

"While Microsoft can appreciate the steps these vendors and independent security researchers are taking to provide our customers with mitigations, as a best practice, customers should obtain security updates and guidance from the original software vendor," the company's spokesman said.
