Microsoft issues emergency fix for zero-day Office flaw

By

Infected Word documents.

Microsoft issues emergency fix for zero-day Office flaw

Microsoft today released an emergency fix for a critical vulnerability in Office that it said hackers were exploiting via infected Word documents.

The issue affects users of Windows Vista, Windows Server 2008, Lync, and Office 2003 to 2010, Microsoft said in a blog post. The current versions of Windows and Office are not affected.

The software giant said it had been made aware of targeted attacks mostly in the Middle East and South Asia, with attackers sending unsuspecting victims crafted Word documents with a tainted attachment.

Once opened the attachment exploits the zero-day vulnerability using a malformed graphics image embedded in the document, Microsoft said.

A successful exploit would allow the attacker to gain the same user rights as the victim. 

"The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images," it said in the post.

"An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content."

Microsoft is "actively working" to develop a full automatic security patch but in the meantime has put out an interim manual "fix-it" to address the vulnerability. 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

AGL taps AI agents in retail transformation

AGL taps AI agents in retail transformation

TAFE NSW inks $34m Microsoft renewal

TAFE NSW inks $34m Microsoft renewal

nib develops Cortex-powered AI to streamline data migration

nib develops Cortex-powered AI to streamline data migration

Australia takes another step toward a central bank digital currency

Australia takes another step toward a central bank digital currency

Log In

  |  Forgot your password?