A newly discovered security hole in Office could allow remote code execution
Microsoft
has discovered a vulnerability in the graphics component of its
Windows, Office, and Lync software that could allow hackers to execute
malicious code from a remote location. The software giant said it is
aware of targeted attacks that attempt to exploit the vulnerability in
Office and has suggested a series of workarounds until it can issue a
permanent patch. In the meantime, Microsoft has made available a piece
of "Fix it" software to automatically apply the workaround procedures in
affected products."The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content," Microsoft explains in Security Advisory 2896666. "An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
The Fix it solution applies to various flavors of Windows Server 2008, Windows Vista, Office, and Lync. Since there have been documented attacks on Office users, anyone using Office should install the Fix it to err on the side of caution.
Source: MaximimPC
No comments:
Post a Comment