Microsoft announced yesterday [Tuesday 5 November] that it is investigating private reports of a vulnerability in a Microsoft Graphics component that affects several older versions of Microsoft Windows, Microsoft Office, and Microsoft Lync.
Microsoft announced yesterday [Tuesday 5 November] that it is investigating private reports of a vulnerability in a Microsoft Graphics component that affects several older versions of Microsoft Windows, Microsoft Office, and Microsoft Lync.
Known as a zero-day threat, the vulnerability allows attackers to gain the same access rights as the user of a targeted computer. It was discovered yesterday in the Middle East and is expected to affect the West today.
Dean Cooper, a senior consultant and certified ethical hacker at C5 Alliance Group has urged business and home users of Microsoft products to take the appropriate steps to avoid being targeted.
“As with many similar threats it requires user interaction. An attacker cannot access your systems without you opening an attachment or clicking on a web link, so vigilance is important here. The form of the malicious content is a TIFF image file embedded into a Word document, which is quite unusual, so it is best to avoid unknown attachments for the time being,” he said.
“Microsoft is currently investigating the threat but we know that it affects Office 2003-2010, while Office 2013 is thought to be unaffected.”
The next monthly security update from Microsoft, dubbed ‘Patch Tuesday’, is due on 12 November making it unlikely that a permanent fix will be available until December.
“There is a temporary workaround in place which will help limit the chances of attack. The advice to anyone who is concerned that they may be targeted is that they contact their security provider to obtain more detail on the warning signs and have this workaround implemented as soon as possible,” said Mr Cooper.