Microsoft has released Security Advisory 2896666 about a vulnerability in Windows Vista and Windows Server 2008, Microsoft Office 2003 to 2010, and all supported versions of Microsoft Lync, that is being exploited in the wild and targeting PC users mainly in the Middle East and South Asia.
The attack uses an email with a specially crafted Word attachment. If the user opens the attachment it will try to exploit the vulnerability via a malformed image embedded in the document. If successful the attackers gain the same user rights as the logged on user.
According to Microsoft the remote code execution vulnerability exists because of bugs in the code which handles badly formed TIFF images. Only Windows Vista is affected and the current versions of Microsoft Office are not vulnerable.
The current attacks use the Word document attached to the email as a container for the specially crafted TIFF file. However, Microsoft says that hackers could also exploit the issue via a web-based attack. “An attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website,” it said.
While Microsoft is working to fix the error and release a security update it recommends the following actions:
- Apply the Microsoft Fix it solution, “Disable the TIFF Codec” that prevents exploitation of the issue. See Microsoft Knowledge Base Article 2896666 to use the automated Microsoft Fix it solution to enable this workaround.
- Deploy the Enhanced Mitigation Experience Toolkit (EMET). This will help prevent exploitation by providing mitigations to protect against the issue and should not affect usability of any programs. An easy guide for EMET installation and configuration is available inKB2458544.