Microsoft has issued a new security advisory, with a temporary Fix it, giving details on a zero-day exploit against older versions of Windows that is currently being exploited in the wild.
At the end of last month McAfee’s Advanced Exploit Detection System found a suspicious sample, and the company’s subsequent investigation confirmed the sample as a new zero-day attack targeting Microsoft Office. Since the sample was in the wild, actively being used, McAfee immediately shared the information with Microsoft. Within a week, Microsoft has released a security advisory and emergency Fix it.
Fix its are temporary solutions that can be used to protect against specific threats before a formal patch is released. That patch could be delivered in December’s Patch Tuesday updates, or via “an out-of-cycle security update, depending on customer needs,” says Microsoft. Users who may consider themselves vulnerable, however, should install the Fix it as soon as possible.
The vulnerability exists in the way Tiff images are handled by the operating system. “An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content.” One mitigating factor is that it requires user interaction to actually click the malformed graphic – however, attackers are very successful at tricking victims to do just that.
SOURCE: infosecurity-magazine.com
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…
“Cybersecurity is increasingly complex, in part, due to the interconnected…
“Unfortunately, time and time again we see NGOs, hospitals and…
As I have always said - it is verified trust…