Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not affected by this issue. The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment. If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document. An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.Microsoft is working on a security update, in the meantime they offer a temporary fix that completely disables the tiff codec. You can find it over here.
Microsoft warns for .tiff vulnerability in older software
Posted on Wednesday, November 06 2013 @ 11:51 CET by Thomas De Maesschalck