Critical Patch Tuesday bulletin addresses Microsoft Office attack seen in the wild

10.04.2012
While four of the six bulletins issued for April's release are rated "critical," one in particular addresses a vulnerability that has already been targeted by an attack in the wild.

The MS12-027 security bulletin addresses a vulnerability in Microsoft Office versions 2003 to 2010 -- excluding the 64-bit version of Office 2010 -- that can be exploited by attacks embedded in rich text format (RTF) files. Qualys CTO Wolfgang Kandek says limited attacks targeting this vulnerability have already been identified in the wild. Now that the vulnerability has been made public, he says it won't be long until more attacks are designed to exploit it.

Jason Miller, manager of research and development at VMware, says the vulnerability addressed in MS12-027 "is a little scary" because it also affects SQL and developer tools like Visual Basic and Visual FoxPro and is likely to be found in spam attacks. Citing the increasingly deceptive spam attacks of late, which have advanced beyond fake ads for designer accessories and erectile dysfunction medication, Miller says that even those who are diligent about the emails they open may fall for an attack carrying an RTF exploit.

"I hate to say it, but the people who spam weren't very creative with what they did before," Miller says. "But if you look at the spam that's out there lately, it's Delta airlines confirmation emails or UPS claiming they dropped a package at your house and you need to open [a document] to confirm. So they're getting more and more intelligent about how to entice somebody to open up these attachments."