You are here

HomeJohn Lister › Windows Vista, Office Vulnerable to Zero-Day Attack

Windows Vista, Office Vulnerable to Zero-Day Attack

Dennis Faas's picture
by John Lister on November, 7 2013 at 08:11AM EST

Microsoft has warned users of its software to beware bogus file attachments. The firm says a newly discovered vulnerability in Windows Vista and the Office software suite could allow hackers remote access to a victim's computer.

The flaw affects the Windows Vista and Server 2008 operating systems. It also affects Microsoft Office 2003, 2007, and 2010, plus Microsoft Lync, a communications package. Later editions of Windows, such as Windows 7 and Windows 8, are unaffected.

The problem does not affect Windows XP, either.

The problem involves the way the affected software handles image files in the TIFF format, which is popular for photography and desktop publishing applications. Microsoft says hackers could create a special file that, if opened on a victim's computer, would allow cybercrooks remote access to a system. (Source: microsoft.com)

Bogus Links or Attachments Key to Attack

Microsoft says the victim would have to open a file for the attack to work. In most cases, hackers will use a malicious email attachment to carry out the attack. (Source: bbc.co.uk)

If successful, the hacker would gain the same access to a system as the victim. For example, if the victim was logged into Windows on an administrator account, the hacker would have administrator rights.

Emergency Patch May Be Coming Soon

The issue is known as a zero day attack, meaning hackers discovered the exploit before Microsoft.

Microsoft says it is working on solving the problem and may issue an out-of-cycle update, otherwise known as an emergency patch.

Microsoft says users can mitigate the problem by temporarily changing Windows settings to block their operating system from opening any TIFF files. That involves changing Windows registry settings, which can be complicated and cause problems if done incorrectly.

To get round this, Microsoft has issued two "Fix It" tools that allow users to automatically make and later undo the changes by clicking one button.

These tools are located at Microsoft's Technet site, which you can access by clicking here.

Filed under:
Business
,
Microsoft
| Tags:
microsoft
,
victim
,
hackers
,
windows
,
access
,
attack
Rate this article: 
No votes yet
Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.