Microsoft has warned users they could
be attacked by hackers exploiting a "vulnerability" in its software.
Attackers could exploit the
vulnerability to allow remote code execution, giving them the same user rights
as the current user.
Microsoft said it is "aware of
targeted attacks that attempt to exploit this vulnerability in Microsoft Office
products," in a statement today.
The software vulnerability is in the
Microsoft Graphics component that affects Microsoft Windows Vista, Windows
Server 2008, Microsoft Office 2003 - 2010, and Microsoft Lync.
The current versions of Windows XP,
8, 8.1 and RT are not affected by the issue which centres on graphic components
that handle specially crafted TIFF images.
Attackers could exploit the
vulnerability by convincing users to open specially crafted emails, attachments
or web content.
Users who have full administrative
user rights on their Microsoft systems are more at risk than users whose
accounts are configured to have fewer rights on the system.
Microsoft is investigating the flaw
and said: "Upon completion of this investigation, Microsoft will take the
appropriate action to help protect our customers.
"This may include providing a
security update through our monthly release process or providing an
out-of-cycle security update, depending on customer needs."
In a blog post, Dustin Childs, a response communications
manager, said the attacks are largely taking place in the Middle East and South
Asia.
He advised users to apply the
Microsoft Fix it solution and disable the TIFF codec, which prevents exploitation
of the issue.
He also suggested they deploy the
Enhanced Mitigation Experience Toolkit, which helps prevent exploitation by
providing mitigations to protect against the vulnerability.
"As a best practice, we always
encourage customers to follow the Protect Your Computer guidance of enabling a
firewall, applying all software updates and installing anti-virus and
anti-spyware software," he said.
"We also encourage customers to
exercise caution when visiting websites and avoid clicking suspicious links or
opening email messages from unfamiliar senders."
Source: Telegraph