Microsoft warns of security flaw in key software products

Microsoft has warned that hackers could exploit a zero-day vulnerability in the graphics component of key products to gain control of computers

Warwick Ashford, Senior analyst

Published: 06 Nov 2013 9:24

Microsoft has warned that hackers could exploit a zero-day vulnerability in the graphics component of several key products to gain control of users’ computers.

The vulnerable component is found in Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003-2010 and Microsoft Lync.

The flaw lies in the handling of the Tagged Image File Format (TIFF) image files by the graphics processing component in the affected software.

“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products,” the company said in a security advisory.

According to the advisory, attackers could exploit the vulnerability by requesting users to preview or open a specially crafted email or web content.

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, but the impact would be lower on users who do not operate with full administrative rights.

Microsoft said it would take appropriate action to address the issue, which "may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs".

In a security advisory, Microsoft has made available a Fix It tool as a temporary measure, which the company is urging at-risk users to install.

“The hope is that Microsoft releases a proper fix for the vulnerability – and close the door permanently on future attacks exploiting the flaw – as soon as possible,” said independent security consultant Graham Cluley.

“It is worth emphasising that unlike most fixes from Microsoft, the Fix It tool will not be automatically rolled out to users. If you want to protect your computers from having the flaw exploited, you need to download and run the tool,” he wrote in a blog post.

Microsoft warns of security flaw in key software products

Microsoft has warned that hackers could exploit a zero-day vulnerability in the graphics component of key products to gain control of computers

More on zero-day vulnerabilities and exploits

Read more on Hackers and cybercrime prevention

Microsoft patches two Windows zero-days in July Patch Tuesday

Microsoft issues critical patches but not for zero days

Risk & Repeat: Windows zero-day sparks disclosure debate

Experts question Microsoft's Windows zero-day response

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

Preparing for the new forms of cybersecurity threats in 2020

What is the state of CIO tenure today?

The evolution of RPA, from macros to process transformation

SearchSecurity

AWS leak exposes passwords, private keys on GitHub

3 tips for writing a quality penetration testing report

Netgear under fire after TLS certificates found in firmware -- again

SearchNetworking

Build a source of truth into your network automation strategy

SD-WAN explained: The ultimate guide to SD-WAN architecture

VMware acquisition of Nyansa combines LAN, WAN analytics

SearchDataCenter

Top data center skills admins can use in 2020

Organizations try to predict the effect of 5G infrastructure

Top infrastructure and operations technology myths of 2019

SearchDataManagement

Hitachi Vantara acquires data catalog vendor Waterline Data

New Confluent Platform release boosts event streaming quality

Where InfluxDB time series database is going