Wednesday, 6 November 2013

Microsoft warns users of targeted hacker attacks

Microsoft software has a vulnerability that hackers can exploit to attack users and gain remote control of their devices


Microsoft has warned users they could be attacked by hackers exploiting a "vulnerability" in its software.
Attackers could exploit the vulnerability to allow remote code execution, giving them the same user rights as the current user.
Microsoft said it is "aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products," in a statement today.
The software vulnerability is in the Microsoft Graphics component that affects Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003 - 2010, and Microsoft Lync.
The current versions of Windows XP, 8, 8.1 and RT are not affected by the issue which centres on graphic components that handle specially crafted TIFF images.
Attackers could exploit the vulnerability by convinving users to open specially crafted emails, attachments or web content.
Users who have full administrative user rights on their Microsoft systems are more at risk than users whose accounts are configured to have less rights on the system.
Microsoft is investigating the flaw and said: "Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers.
"This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."
In a blog post, Dustin Childs, a response communications manager, said the attacks are largely taking place in the Middle East and South Asia.
He advised users to apply the Microsoft Fix it solution and Disable the TIFF Codec that prevents exploitation of the issue.
He also suggested they deploy the Enhanced Mitigation Experience Toolkit which helps prevent exploitation by providing mitigations to protect against the vulnerability.
"As a best practice, we always encourage customers to follow the Protect Your Computer guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software," he said.
"We also encourage customers to exercise caution when visiting websites and avoid clicking suspicious links or opening email messages from unfamiliar senders."

Source : The Telegraph

No comments:

Post a Comment