Watch Out: Microsoft warns Office, Vista, Lync and more vulnerable to zero-day exploit

Microsoft has issued a warning that Office, Vista, Lync and more are vulnerable to zero-day exploit by hackers.

According to the Redmond-based company, hackers could take advantage of the "vulnerability" in the OS to gain access to affected computers, requesting users to preview or open a specifically crafted email Word attachment.

In the event the attachment is previewed or opened, it will exploit the issue by using a malformed graphic image that is embedded in the crafted document.

The issue affects Microsoft Windows Vista, Office 2003-2010, Microsoft Lync and Windows Server 2008. Microsoft revealed that it is aware of the issue and is investigating.

"Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products," notes the company.

The recent versions of Windows and Office, however, are not affected by the issue. Products which are at risk are listed here.

"Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not affected by this issue," said Dustin Childs, Microsoft's Group Manager, Response Communications.

Per Microsoft, the fault is in the handling of the Tagged Image File Format (TIFF) files in the concerned software versions.

Microsoft has also confirmed that it will take the necessary action to address the issue which could include "providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs".

"We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect customers," said Childs.

While Microsoft investigates and takes appropriate action to address the issue, users are advised to apply setting changes that do not "correct the underlying issue but would help block known attack vectors before a security update is available."

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics