Why settle for mainstream? Go upstream!

+46-8-56610670 info@upstream.se

Critical 0-day problem in MS Office and RTF files

Microsoft just released MSFixit 51010 as a quick solution for the current critical 0-day problem in MS Office, Microsoft Security Advisory (2953095).

From the Microsoft Technet blog: “The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.”

In our latest Upstream Kaseya Power Pack update you now have the tools to apply the MSFixit for this problem. Download the ZIP file here. Go to the System Tab in Kaseya and look for the Import Center. Import the Agetn Procedures XML file from the ZIP file. You should now have a new Agent Procedures folder under Shared looking like this:

Execute the Kaseya Agent Procedure on machines with affected MS Office versions installed. If MS Office is not present or not in the version scope, nothing will happen.

To follow up, look in the Windows Application Event Log for ID 1033 with the content 51010 and “error status: 0”. Why not use the report called “Logs – Event – MsiInstaller Information (Event ID 1033)” in the Kaseya Upstream Power Pack as a template to verify?

Good luck with the deployment of the MSFixIt.

Kind regards
The Upstream Tech Team

29 March, 2014 • BY Ronny Tunfjord