Microsoft Remote Access Hacking Threat

Get more IT news like this every month Subscribe to our newsletter »

Update: Microsoft issued a patch for this vulnerability in December 2013’s ‘Patch Tuesday’ round of fixes. Read the official bulletin here.

Windows, Office, Lync vulnerable

Microsoft is asking users to be vigilant and take precautions against a newly discovered exploit which could allow hackers to remotely take control of Windows computers.

PCs running various combinations of Windows, Office, and Lync are predominantly at risk.

The exploit is based around a fault in the rendering of TIFF graphics in Office which allows a hacker to install malware once the user has opened a Word DOCX file containing an image, usually received as an email attachment. The hacker can then gain identical access to the PC as the current user.

In some cases a PC can be infected by previewing the Word document through Outlook, but this behavior is restricted to users of Office 2003 and earlier.

Attacks have so far centered on South Asia and the Middle East but may spread to other locations.

Microsoft has yet to issue a fix for this problem and seem unlikely to do so in time for this month’s ‘Patch Tuesday’ on November 12. In the meantime Microsoft recommends installing all available security updates and a temporary ‘Fix it’ which involves disabling all TIFF graphics in Windows.

Is my PC at risk?

Please check the table below to see if any of your computers are vulnerable.

Windows XP
Windows Server 2003
Windows Vista, 7, 8, 8.1
Word 2003 Vulnerable Vulnerable
Word 2007 Vulnerable Vulnerable
Word 2010 Vulnerable Safe
Word 2013 Safe Safe

Contact us

METHOD IT is a certified Microsoft Japan partner offering support in both English and Japanese. If you are in any doubt as to how to take precautions against this security risk, contact us now for a free quote on our IT Admin and Support solutions.

Further details

Get regular updates of need-to-know IT news on Twitter
Get more IT news like this every month Subscribe to our newsletter »