Members
Stats
  • Total Posts: 28530
  • Total Topics: 8241
  • Online Today: 870
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Microsoft is aware of new targeted attacks on Windows, Office & Lync  (Read 537 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


If you use aged versions of Windows or Microsoft Office, be on the lookout; Redmond issued a security warning today.

In their latest Security Advisory report, Microsoft states that they are investigating reports of vulnerabilities in multiple versions of Windows Vista, Windows Server 2008 and Microsoft Office. They’re also aware of “targeted attacks” that try to take advantage of a security hole in Office.

Here’s how Microsoft describes the vulnerability:

“[It's] a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

The report indicates that a hacker who attacks a PC using this vulnerability could gain the same rights to the machine that the user has, even administrative rights. However, the hacker would also be bound do whatever restrictions the user is limited to in the event that they do not have administrative rights access. Hackers could also attack a machine with this vulnerability if a user clicked an affected link in an email or instant message, or opened a tainted email attachment.

Microsoft says that they are working with partners in this investigation and could choose to address the issue by releasing an update. The update may fall in line with Microsoft’s monthly update schedule, though the report states that the patch could be released “out-of-cycle.” Which route Microsoft goes depends on “customer needs.”

Click here to see the report, and a complete list of the affected Microsoft software:
http://technet.microsoft.com/en-us/security/advisory/2896666

(DT)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising