gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 25, 2024, 01:49:30 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Microsoft Warns of Zero-Day Under Attack
gfx
gfxgfx
 

Author Topic: Microsoft Warns of Zero-Day Under Attack  (Read 729 times)

0 Members and 1 Guest are viewing this topic.

Microsoft Warns of Zero-Day Under Attack
« on: November 08, 2013, 11:38:24 am »
http://www.securityweek.com/microsoft-warns-zero-day-under-attack

Quote
Microsoft released an advisory today warning users about a new zero-day under attack in targeted campaigns occurring in the Middle East and South Asia.

According to Microsoft, the vulnerability resides in the Microsoft Graphics component and impacts certain versions of Windows, Microsoft Office and Lync.  The problem exists in the way specially-crafted TIFF images are handled. To exploit the vulnerability, an attacker would have to convince a user to preview or open a specially-crafted email message, open a malicious file or browse malicious Web content. 

If exploited successfully, the vulnerability can be used to remotely execute code.

"The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment," blogged Dustin Childs, group manager of response communications for Microsoft Trustworthy Computing. "If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document.  An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user."

The vulnerability affects Office 2003, 2007 and 2010 as well as Windows Server 2008 and Windows Vista. Right now, Microsoft Word documents are the current vector for attack.

"Microsoft has provided a Fix-It that turns off TIFF rendering in the affected graphics library, which should have no impact if you are not working with TIFF format files on a regular basis," blogged Wolfgang Kandek, CTO of Qualys. "The listed software packages are not vulnerable under all conditions, so it is important that you take a look at your installed base and your possible exposure for the next couple of weeks into December."

Organizations can also disable on their own by changing the registry entries to control what images are parsed and rendered and what images are rejected in GDI+, the graphics device interface.

"Given the close date of the next Patch Tuesday for November, we don't believe that we can count on a patch arriving in time, but will probably have to wait until December, which makes your planning for a work-around even more important," Kandek blogged.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Microsoft Warns of Zero-Day Under Attack
« Reply #1 on: November 09, 2013, 08:28:47 am »
considering the tiff image format hasnt changed in 21 years this really begs the question of just how stale parts of windows' code is

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Microsoft Warns of Zero-Day Under Attack
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.01 seconds with 23 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!