HP Security Products Blog
From applications to infrastructure, enterprises and governments alike face a constant barrage of digital attacks designed to steal data, cripple networks, damage brands, and perform a host of other malicious intents. HP Enterprise Security Products offers products and services that help organizations meet the security demands of a rapidly changing and more dangerous world. HP ESP enables businesses and institutions to take a proactive approach to security that integrates information correlation, deep application analysis and network-level defense mechanisms—unifying the components of a complete security program and reducing risk across your enterprise. In this blog, we will announce the latest offerings from HP ESP, discuss current trends in vulnerability research and technology, reveal new HP ESP security initiatives and promote our upcoming appearances and speaking engagements.

Proactive zero-day coverage from HP TippingPoint: CVE-2014-1761

Recently, Microsoft released details of a critical zero-day vulnerability (CVE-2014-1761) that is being actively exploited in the wild. The exploit leverages a flaw in specially crafted RTF documents to exploit users of Microsoft Word. The vulnerability can additionally be triggered by opening the malicious document in Outlook or simply previewing the attachment via the Outlook Word email viewer.


If successfully exploited, this vulnerability can result in full remote code execution in the privilege context of the user running the affected process. 


The temporary workaround from Microsoft has been to “Disable opening RTF content in Microsoft Word.”  While this is not a true patch or long term solution, customers of HP TippingPoint can breathe easy; HP TippingPoint has been providing proactive coverage for this vulnerability in the form of DV filter 12683 which has been shipping in the default recommended deployment since December of 2012, approximately 16 months prior to Microsoft’s announcement.


Click here to see a more in-depth analysis of this vulnerability.


Learn more about HP TippingPoint and other security products.

Labels: HP| security
Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Showing results for 
Search instead for 
Do you mean 
About the Author
Top Kudoed Posts

Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.