Microsoft is investigating a new remote code execution vulnerability in Windows Vista, Server 2008 and all versions of office except 2013. Microsoft have issues a security advisory because it has confirmed that the vulnerability is being exploited in targeted attacks.
The exploit does not affect new operating systems such as Server 2012 and also Windows 7/8 and the exploit requires user interaction which requires the user to open a word document that opens up the vulnerability. If the attachment is opened, it will attempt to exploit the vulnerability using an image which is in the document. If the attacker manages to get the code to run then they will be able to run commands as the user that is logged on.
The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft has yet to release a patch which fixes the issue they have given some fixes which will fix the issue for now.
- Apply the Microsoft Fix it solution, “Disable the TIFF Codec” that prevents exploitation of the issue.
- Deploy the Enhanced Mitigation Experience Toolkit (EMET) and prevent exploitation by providing mitigations to protect against the issue.
Microsoft has also noted that all users should enable a firewall and have Antivirus/Spyware running on there computers and also not to open email attachments from unknown senders.