Windows Vista, Office Vulnerable to Zero-Day Attack

Dennis Faas's picture

Microsoft has warned users of its software to beware bogus file attachments. The firm says a newly discovered vulnerability in Windows Vista and the Office software suite could allow hackers remote access to a victim's computer.

The flaw affects the Windows Vista and Server 2008 operating systems. It also affects Microsoft Office 2003, 2007, and 2010, plus Microsoft Lync, a communications package. Later editions of Windows, such as Windows 7 and Windows 8, are unaffected.

The problem does not affect Windows XP, either.

The problem involves the way the affected software handles image files in the TIFF format, which is popular for photography and desktop publishing applications. Microsoft says hackers could create a special file that, if opened on a victim's computer, would allow cybercrooks remote access to a system. (Source: microsoft.com)

Bogus Links or Attachments Key to Attack

Microsoft says the victim would have to open a file for the attack to work. In most cases, hackers will use a malicious email attachment to carry out the attack. (Source: bbc.co.uk)

If successful, the hacker would gain the same access to a system as the victim. For example, if the victim was logged into Windows on an administrator account, the hacker would have administrator rights.

Emergency Patch May Be Coming Soon

The issue is known as a zero day attack, meaning hackers discovered the exploit before Microsoft.

Microsoft says it is working on solving the problem and may issue an out-of-cycle update, otherwise known as an emergency patch.

Microsoft says users can mitigate the problem by temporarily changing Windows settings to block their operating system from opening any TIFF files. That involves changing Windows registry settings, which can be complicated and cause problems if done incorrectly.

To get round this, Microsoft has issued two "Fix It" tools that allow users to automatically make and later undo the changes by clicking one button.

These tools are located at Microsoft's Technet site, which you can access by clicking here.

Rate this article: 
No votes yet