Newsletter 03/10/2023

The Perils of the Preview Pane:
New Wine In an Old Bottle

That history may or may not repeat itself is an argument for History Methodology courses.  In the battle against the invasion and resulting corruption of our computer networks by malware, the fundamentals never seem to change much.  Just as we have seen how the exponential increase in computer capacity and ever increasing network bandwidth has allowed what is called Artificial Intelligence to evolve from a simple phrase repetition machine like Eliza into the convincing model of human speech that is Bing, so have cyber crooks leveraged the increases in computing power to more quickly and efficiently compromise a computer network.  In both cases, however, the underlying fundamentals have not changed all that much.

An example of new malware corked in an old bottle coming at you in real time and right now is CVE-2023-21716.  The Microsoft advisory on this attacker is dated February 14, 2023; Last updated: Feb 23, 2023.  The document is titled, "Microsoft Word Remote Code Execution Vulnerability, CVE-2023-21716, Security Vulnerability."

Details about this attacker have been widely reported, and all sources have stated the same alarming facts about CVE-2023-21716.  BleepingComputer, March 6, 2023, stated well the issue at hand that all Outlook users currently face:

A remote attacker could potentially take advantage of the issue to execute code with the same privileges as the victim that opens a malicious .RTF document.

Delivering the malicious file to a victim can be as easy as an attachment to an email, although plenty of other methods exist.

Microsoft warns that users don’t have to open a malicious RTF document and simply loading the file in the Preview Pane is enough for the compromise to start.

Indeed, MS began its poopsheet on CVE-2023-21716 with a clear and unambiguous statement about RTF files and Outlook.  Click the Curly Bracket for KB 831607.

We will let Bing define what is a Rich Text Format (RTF) file, and why it is an issue in cybersecurity.  [ed. note.  It's what Bing is good at.]

What is most important to understand is that an RTF attachment will appear as a Word document.  The exchange of Word documents via email is a common business function that makes this form of attack a target rich environment.  The email message itself can be RTF formatted.  Moreover, the ubiquity of Word attachments in business communications has also made for a very successful malware campaign ensnaring Small Businesses, especially those who do not have the full time tech support to stay on top of and mitigate threats as they emerge.
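Because an RTF attachment can carry a Word file name, a mail filter has to judge each part by its content, not its label. The sketch below is an added example, not code from this newsletter or from Microsoft: it walks a message's MIME parts and reports any that start with the RTF header or are labelled as RTF. The sample message, addresses, and file names are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"  # the header every RTF document starts with

def build_sample() -> bytes:
    """Constructed sample: an RTF payload named and typed like a Word file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"{\\rtf1\\ansi Constructed sample text}",
                       maintype="application", subtype="msword",
                       filename="invoice.doc")
    msg.add_attachment(b"PK\x03\x04 constructed placeholder bytes",
                       maintype="application", subtype="octet-stream",
                       filename="report.docx")
    return msg.as_bytes()

def find_rtf_parts(raw: bytes) -> list:
    """Return one finding per MIME part that is RTF by content or by label."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Ignore a UTF-8 BOM or leading whitespace in front of the header.
        by_content = payload.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(RTF_MAGIC)
        ctype = part.get_content_type()
        by_label = ctype in ("text/rtf", "application/rtf")
        name = part.get_filename() or "(message body)"
        if by_content or by_label:
            findings.append({
                "name": name,
                "content_type": ctype,
                # RTF inside, but neither the name nor the type says so
                "disguised": by_content and not by_label
                             and not name.lower().endswith(".rtf"),
            })
    return findings

if __name__ == "__main__":
    for f in find_rtf_parts(build_sample()):
        print(f)
```

Outlook's own rich-text messages usually travel inside a TNEF container (winmail.dat), which this sketch does not unpack.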

Attacks initiated by RTF files have been an issue among security researchers for some time, and continue to be so.  Security Blvd, January 20, 2022, published a good overall summary of the issue, with a title, "Hackers Getting Rich on RTF."  Of course, a scan to the bottom will reveal the disclaimer that in reality this is paid (probably) advertising for a security product called:

*** This is a Security Bloggers Network syndicated blog from Votiro authored by Votiro. Read the original post at: https://votiro.com/blog/hackers-getting-rich-on-rtf/

Yet, despite all the dire warnings, there are 2 easy measures users can take now to protect themselves from this attacker, and all its past, present, and future cousins.

1.  Ensure that your version of Office is up to date.  Microsoft patched for this attacker in February 2023.  The unfortunate history of patching attackers like this is that it often takes a couple of spins around the patch-o-rama before the bug is forever squashed.  On March 4, 2023, I posted, "Go Update Office Yourself; And Get All of This Week's New Features."  One of the new features was certainly to patch this beastie.
2.  TURN THE DANG PREVIEW PANE (AKA, READING PANE) OFF!!!

Microsoft, as have I, and as have dozens of others who write on security issues, recommends reading all Outlook email in text only.  Of course, when I have suggested exactly that, the response is all too often something like, "Could you repeat that in English, please."  So I have stopped mentioning it, but nevertheless that will best secure your Outlook email from many bad things.  At this present time, however, it really does behoove Outlook users to turn off the Preview Pane to prevent attacks that only require the malware laden email to be clicked; but not opened.  If the Reading Pane is active, then an RTF attachment or RTF formatted message can infect the computer without opening the email message itself.  That is the long and short of it.

The Reading Pane is a simple control that is made visible from the View → Layout menu on the toolbar from Outlook's main screen.

1.  Click View from the Outlook Main Menu
2.  Click Layout → Mouse Over Reading Pane
If Reading Pane is On, then it will look like below:

To turn off the Reading Pane, simply click it Off.

Turning off the Reading Pane, and thus preventing the RTF based attacks, is today, right now, part of the ongoing discussion security researchers have among themselves.  This attacker is in the wild here and now.  There is no hyperbole here.

 
source: https://cve.report/CVE-2023-21716

Even if you know you are fully patched, you may still be vulnerable.  Also, turning off the Reading Pane will buy you some time to verify the email, its sender, and the contents of the message itself, before possibly setting off any hand grenades on your system.  November 06, 2022, I posted how to evaluate the legitimacy of email addresses and Domain Names.  Maybe it is time for a refresher course, huh?

So please take the advice of security professionals far smarter than me.  Until the all clear signal is given, if it ever will, protect yourself.  Turn off the Reading Pane in Outlook.  Before...

And take yourself out of the line of fire.

Get the point?

¯\_(ツ)_/¯
Gerald Reiff