Microsoft in a TIFF over Windows, Office bug that runs code hidden in pics
Microsoft has alerted users and system administrators following the discovery of targeted attacks on a security bug present in Windows, Office and Lync.
The software giant said the flaw allows attackers to remotely execute code and install malware on a vulnerable system by sending an email or instant message or convincing a user to open a specially crafted webpage.
According to Microsoft, the flaw lies in the handling of TIFF image files by a graphics processing component in Windows Vista, Server 2008, Office 2003 to 2010 and Microsoft Lync. When exploited, the attacker’s code hidden in the image file executes on the target system with the same privileges as the current user.
Researchers at McAfee said they tracked assaults on Windows XP systems, and warned that Windows 7 systems are also vulnerable if an affected version of Office is installed. Versions of Office and Lync for Mac OS X are not believed to be at risk.
It’s understood the TIFF attack works by tricking the OS into copying malicious code stashed in the file into memory and then hijacking the processor to execute it.
Microsoft has yet to post a patch to fix the bug, although the company has posted a workaround which edits the Windows registry to prevent the rendering of TIFF images, thus blocking off the attack vector on vulnerable systems.
Should a formal update for the flaw arrive, it would most likely hit the download servers next Tuesday when Microsoft issues its monthly Patch Tuesday security update. The regularly scheduled fix designates the release time for all but the most serious patches on Windows, Office and Internet Explorer. ®