Microsoft issues emergency fix for zero-day Office flaw

By

Infected Word documents.

Microsoft issues emergency fix for zero-day Office flaw

Microsoft today released an emergency fix for a critical vulnerability in Office that it said hackers were exploiting via infected Word documents.

The issue affects users of Windows Vista, Windows Server 2008, Lync, and Office 2003 to 2010, Microsoft said in a blog post. The current versions of Windows and Office are not affected.

The software giant said it had been made aware of targeted attacks mostly in the Middle East and South Asia, with attackers sending unsuspecting victims crafted Word documents with a tainted attachment.

Once opened the attachment exploits the zero-day vulnerability using a malformed graphics image embedded in the document, Microsoft said.

A successful exploit would allow the attacker to gain the same user rights as the victim. 

"The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images," it said in the post.

"An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content."

Microsoft is "actively working" to develop a full automatic security patch but in the meantime has put out an interim manual "fix-it" to address the vulnerability. 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
emergencyexploithackermicrosoftofficepatchsecuritysoftwarevistawindowswordzeroday

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

Orica to set new workforce systems live in Australia in July

Orica to set new workforce systems live in Australia in July
Lion builds an app to detect its beers on tap in venues

Lion builds an app to detect its beers on tap in venues
ANZ Institutional readies go-live for "multi-agent chatbot" amie

ANZ Institutional readies go-live for "multi-agent chatbot" amie
Victoria Police refreshes online reporting

Victoria Police refreshes online reporting
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?