Microsoft warns of security flaw in key software products

Microsoft has warned that hackers could exploit a zero-day vulnerability in the graphics component of key products to gain control of computers

Warwick Ashford, Senior analyst

Published: 06 Nov 2013 9:24

Microsoft has warned that hackers could exploit a zero-day vulnerability in the graphics component of several key products to gain control of users’ computers.

The vulnerable component is found in Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003-2010 and Microsoft Lync.

The flaw lies in the handling of the Tagged Image File Format (TIFF) image files by the graphics processing component in the affected software.

“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products,” the company said in a security advisory.

According to the advisory, attackers could exploit the vulnerability by requesting users to preview or open a specially crafted email or web content.

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, but the impact would be lower on users who do not operate with full administrative rights.

Microsoft said it would take appropriate action to address the issue, which "may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs".

In a security advisory, Microsoft has made available a Fix It tool as a temporary measure, which the company is urging at-risk users to install.

“The hope is that Microsoft releases a proper fix for the vulnerability – and close the door permanently on future attacks exploiting the flaw – as soon as possible,” said independent security consultant Graham Cluley.

“It is worth emphasising that unlike most fixes from Microsoft, the Fix It tool will not be automatically rolled out to users. If you want to protect your computers from having the flaw exploited, you need to download and run the tool,” he wrote in a blog post.

Microsoft warns of security flaw in key software products

Microsoft has warned that hackers could exploit a zero-day vulnerability in the graphics component of key products to gain control of computers

More on zero-day vulnerabilities and exploits

Read more on Hackers and cybercrime prevention

zero-day (computer)

10 years after Stuxnet, new zero-days discovered

Microsoft patches two Windows zero-days in July Patch Tuesday

October 2017 Patch Tuesday includes Windows zero-day fix

SearchCIO

Parler sues AWS, seeks restraining order

Digital healthcare top priority for CIOs in 2021

C-suite execs give future technology predictions for the decade

SearchSecurity

What is the future of cybersecurity?

Tenable: Vulnerability disclosures skyrocketed over last 5 years

Select a customer IAM architecture to boost business, security

SearchNetworking

Considerations for SASE management and troubleshooting

Cisco sweetens Acacia deal by $2 billion

SASE challenges include network security roles, product choice

SearchDataCenter

Get a template to estimate server power consumption per rack

When the chips are down, Intel turns to VMware's Pat Gelsinger

Intel CEO Bob Swan to be replaced by VMware's Pat Gelsinger

SearchDataManagement

Informatica takes Customer 360 master data management to cloud

Graph database vs. relational database: Key differences

ScyllaDB NoSQL database to improve with Project Circe