Microsoft issues emergency fix for zero-day Office flaw

By

Infected Word documents.

Microsoft issues emergency fix for zero-day Office flaw

Microsoft today released an emergency fix for a critical vulnerability in Office that it said hackers were exploiting via infected Word documents.

The issue affects users of Windows Vista, Windows Server 2008, Lync, and Office 2003 to 2010, Microsoft said in a blog post. The current versions of Windows and Office are not affected.

The software giant said it had been made aware of targeted attacks mostly in the Middle East and South Asia, with attackers sending unsuspecting victims crafted Word documents with a tainted attachment.

Once opened the attachment exploits the zero-day vulnerability using a malformed graphics image embedded in the document, Microsoft said.

A successful exploit would allow the attacker to gain the same user rights as the victim. 

"The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images," it said in the post.

"An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content."

Microsoft is "actively working" to develop a full automatic security patch but in the meantime has put out an interim manual "fix-it" to address the vulnerability. 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Orica to set new workforce systems live in Australia in July

Orica to set new workforce systems live in Australia in July

ANZ Institutional readies go-live for "multi-agent chatbot" amie

ANZ Institutional readies go-live for "multi-agent chatbot" amie

Lion builds an app to detect its beers on tap in venues

Lion builds an app to detect its beers on tap in venues

Victoria Police refreshes online reporting

Victoria Police refreshes online reporting

Log In

  |  Forgot your password?