Windows Vista, Office Vulnerable to Zero-Day Attack
Microsoft has warned users of its software to beware bogus file attachments. The firm says a newly discovered vulnerability in Windows Vista and the Office software suite could allow hackers remote access to a victim's computer.
The flaw affects the Windows Vista and Server 2008 operating systems. It also affects Microsoft Office 2003, 2007, and 2010, plus Microsoft Lync, a communications package. Later editions of Windows, such as Windows 7 and Windows 8, are unaffected.
The problem does not affect Windows XP, either.
The problem involves the way the affected software handles image files in the TIFF format, which is popular for photography and desktop publishing applications. Microsoft says hackers could create a special file that, if opened on a victim's computer, would allow cybercrooks remote access to a system. (Source: microsoft.com)
Bogus Links or Attachments Key to Attack
Microsoft says the victim would have to open a file for the attack to work. In most cases, hackers will use a malicious email attachment to carry out the attack. (Source: bbc.co.uk)
If successful, the hacker would gain the same access to a system as the victim. For example, if the victim was logged into Windows on an administrator account, the hacker would have administrator rights.
Emergency Patch May Be Coming Soon
The issue is known as a zero day attack, meaning hackers discovered the exploit before Microsoft.
Microsoft says it is working on solving the problem and may issue an out-of-cycle update, otherwise known as an emergency patch.
Microsoft says users can mitigate the problem by temporarily changing Windows settings to block their operating system from opening any TIFF files. That involves changing Windows registry settings, which can be complicated and cause problems if done incorrectly.
To get round this, Microsoft has issued two "Fix It" tools that allow users to automatically make and later undo the changes by clicking one button.
These tools are located at Microsoft's Technet site, which you can access by clicking here.
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.