Update: Microsoft issued a patch for this vulnerability in December 2013’s ‘Patch Tuesday’ round of fixes. Read the official bulletin here.
Windows, Office, Lync vulnerable
Microsoft is asking users to be vigilant and take precautions against a newly discovered exploit which could allow hackers to remotely take control of Windows computers.
PCs running various combinations of Windows, Office, and Lync are predominantly at risk.
The exploit is based around a fault in the rendering of TIFF graphics in Office which allows a hacker to install malware once the user has opened a Word DOCX file containing an image, usually received as an email attachment. The hacker can then gain identical access to the PC as the current user.
In some cases a PC can be infected by previewing the Word document through Outlook, but this behavior is restricted to users of Office 2003 and earlier.
Attacks have so far centered on South Asia and the Middle East but may spread to other locations.
Microsoft has yet to issue a fix for this problem and seem unlikely to do so in time for this month’s ‘Patch Tuesday’ on November 12. In the meantime Microsoft recommends installing all available security updates and a temporary ‘Fix it’ which involves disabling all TIFF graphics in Windows.
Is my PC at risk?
Please check the table below to see if any of your computers are vulnerable.
| Windows XP Windows Server 2003 |
Windows Vista, 7, 8, 8.1 | |
|---|---|---|
| Word 2003 | Vulnerable | Vulnerable |
| Word 2007 | Vulnerable | Vulnerable |
| Word 2010 | Vulnerable | Safe |
| Word 2013 | Safe | Safe |
Contact us
METHOD IT is a certified Microsoft Japan partner offering support in both English and Japanese. If you are in any doubt as to how to take precautions against this security risk, contact us now for a free quote on our IT Admin and Support solutions.