Microsoft rushes out security fix for Office and Windows Vista users
Software giant leaps into action after details about email-based attack on Vista and Office users emerge.
Microsoft has rushed out a fix for a security vulnerability that could allow hackers to unlawfully gain access to the PCs of Windows Vista and Office users.
The software giant confirmed the flaw has been used to carry out targeted attacks in the Middle East and South Asia, and affects Windows Vista, Windows Server 2008, and Microsoft Office versions 2003 to 2010.
Victims are sent an email asking them to open a corrupted Word attachment containing a malformed image that is used to try to exploit the vulnerability.
If successful, a hacker could gain the same access rights as the logged-on user, Microsoft has warned.
As a result, the firm has released a couple of workarounds to protect users until a more permanent security update is made available to address the issue. Further details about these can be found here.
"As best practice, we always encourage customers to follow the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software," Dustin Childs, group manager for response communications within Microsoft's Trustworthy Computing Group, wrote in a blog post.
"We also encourage customers to exercise caution when visiting websites and avoid clicking suspicious links or opening email messages from unfamiliar senders," he added.
One of the workarounds put forward by Microsoft requires users to disable the TIFF codec, which Tyler Reguly, technical manager of security research and development at security vendor Tripwire, warned may not be a viable solution for some.
"TIFF is a popular format and a lot of people may not be able to accomplish their daily work if their computer won't render graphics properly. Web developers, graphic designers and those in marketing are just a few examples of people that may be greatly hindered by the Fix It," explained Reguly.
"It puts people in the difficult situation of preventing a new vulnerability or doing their job. Enterprises that work heavily with graphics may have a difficult time justifying the deployment of this fix," he added.