Microsoft Zero-Day Spurs Calls for Software Upgrades

Targeted attacks are attempting to exploit a vulnerability in the Microsoft Graphics component -- and it impacts Microsoft Windows, Microsoft Office, and Microsoft Lync. The company issued a security advisory on Tuesday to warn customers.

According to Redmond, the issue is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted e-mail message, open a specially crafted file, or browse specially crafted Web content.

What's more, Microsoft explained, an attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If it's any consolation, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. But most of the news is bad.

Out-of-Band Patch Likely?

There is some good news, though. Microsoft is investigating the issue and vowed to take appropriate actions to protect customers, which may include rolling out a security update via its monthly release process or issuing an out-of-cycle security update. In more good news, the company said an attacker would have no way to force users to view the attacker-controlled content.

Qualys reports that the vulnerability is present in Microsoft Office 2003, 2007 and 2010 and in some of the older Windows operating systems, and that the currently observed attack vector is through Microsoft Word documents.

"Microsoft has provided a Fix It that turns off TIFF rendering in the affected graphics library, which should have no impact if you are not working with TIFF format files on a regular basis," Wolfgang Kandek, Qualys CTO, told us. "Given the close date of the next Patch Tuesday for November, we don't believe that we can count on a patch arriving...
