Top | |
Newsletter 03/10/2023 |
Back to Contents |
The Perils of the Preview Pane:
That history may or may not repeat itself is an argument for History
Methodology courses. In the battle against the invasion and
resulting corruption of our computer networks by malware, the
fundamentals never seem to change much. Just as we have seen how
the exponential increase in computer capacity and ever increasing
network bandwidth has allowed what is called Artificial Intelligence to
evolve from a simple phrase repetition machine like Eliza into the
convincing model of human speech that is Bing, so have cyber crooks
leveraged the increases in computing power to more quickly and
efficiently compromise a computer network. In both cases, however,
the underlying fundamentals have not changed all that much.
A remote attacker could potentially take advantage of the issue
to execute code with the same privileges as the victim that opens a
malicious .RTF document. Indeed, MS began its poopsheet on CVE-2023-21716 with a clear and unambiguous statement about RTF files and Outlook. Click the Curly Bracket for KB 831607.
We will let Bing define what is a Rich Text Format (RTF) file, and why it is an issue in cybersecurity. [ed. note. It's what Bing is good at.]
What is most important to understand is that a RTF attachment
will
appear as a Word document. The exchange of Word documents via
email is a common business function that makes this form of attack
a target rich environment. The email message itself can be RTF
formatted. Moreover, the ubiquity of Word
attachments in business communications has also made for a very
successful malware campaign ensnaring Small Businesses, especially those
who do not have the full time tech support to say on top of and mitigate
threats as they emerge. *** This is a Security Bloggers Network syndicated blog from Votiro authored by Votiro. Read the original post at: https://votiro.com/blog/hackers-getting-rich-on-rtf/ Yet, despite all the dire warnings, there are 2 easy measures users can take now to protect themselves from this attacker, and all its past, present, and future cousins.
✓ Insure that your version of Office
is up to date. Microsoft patched for this attacker in February
2023. The unfortunate history of patching attackers like this is that
it often takes a couple of spins around the patch-o-rama before the bug is
forever squashed. On March 4, 2023, I posted,
Go Update Office Yourself; And Get All of This Week's New Features.
One of the new features was to certainly patch this beastie.
Microsoft,
as have I, and as have dozens of others who write
on security issues, recommends reading all Outlook email in text only.
Of course, when I have suggested exactly that, the response is all too
often something like, "Could you repeat that in
English, please." So I have
stopped mentioning it, but nevertheless that will best secure your
Outlook email from many bad things. At this present time, however,
it really does behoove Outlook users to turn off the Preview Pane to
prevent attacks that only require the malware laden email to be
clicked; but not opened. If the Reading Pane
is active, then an RTF attachment or RTF formatted message can infect the computer
without opening the email message itself. That is the
long and short of it.
1. Click View from the Outlook
Main Menu
To turn off the Reading Pane, simply click it Off.
Turning off the Reading Pane, and thus preventing the RTF based attacks, is today — right now part of the ongoing discussion security researchers have among themselves. This attacker is in the wild here and now. There is no hyperbole here.
Even if you know you are fully patched, you may still be vulnerable. Also, turning off the Reading Pane will buy you some time to verify both the email; its sender; and the contents of the message itself, before possibly setting off any hand grenades on your system. November 06, 2022, I posted how to evaluate the legitimacy of email addresses and Domain Names. Maybe it is time for a refresher course, huh? So please take the advice of security professionals far smarter than me. Until the all clear signal is given, if it ever will, protect yourself. Turn off the Reading Pane in Outlook. Before...
And take yourself out of the line of fire. Get the point? |
¯\_(ツ)_/¯ |
Gerald Reiff |
Back to Top | ← previous post | next post → |