Microsoft has issued a new security advisory, with a temporary Fix it, giving details on a zero-day exploit against older versions of Windows that is currently being exploited in the wild.
At the end of last month McAfee’s Advanced Exploit Detection System found a suspicious sample, and the company’s subsequent investigation confirmed the sample as a new zero-day attack targeting Microsoft Office. Since the sample was in the wild and actively being used, McAfee immediately shared the information with Microsoft. Within a week, Microsoft released a security advisory and an emergency Fix it.
Fix its are temporary solutions that can be used to protect against specific threats before a formal patch is released. That patch could be delivered in December’s Patch Tuesday updates, or via “an out-of-cycle security update, depending on customer needs,” says Microsoft. Users who may consider themselves vulnerable, however, should install the Fix it as soon as possible.
The vulnerability exists in the way TIFF images are handled by the operating system. “An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content.” One mitigating factor is that exploitation requires user interaction: the victim has to actually click the malformed graphic. Attackers, however, are very successful at tricking victims into doing just that.
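Because the malicious TIFF arrives inside something else (an Office document, an email attachment) rather than as a standalone image, a mail gateway or endpoint tool that wants to quarantine suspicious content has to first locate TIFF streams by their byte-order marker and then check whether the header and first image file directory (IFD) are internally consistent. The following is an added example written for this article, not code from McAfee or Microsoft and not a detector for the specific flaw in the advisory, which the article does not describe; it only flags TIFF streams whose structure cannot be valid (directory or tag value pointers past the end of the data, absurd entry counts, unknown field types). The `MAX_IFD_ENTRIES` cap and all sample files are constructed assumptions.

```python
"""Structural sanity check for TIFF data, standalone or embedded in another file.

Added illustration for the article above; not taken from the advisory. It does not
recognise the exploit itself, only TIFF headers/first IFDs that are inconsistent.
"""
import struct
from dataclasses import dataclass

# Byte-order marker -> struct endianness prefix (TIFF 6.0 "II" little, "MM" big)
TIFF_MAGICS = {b"II*\x00": "<", b"MM\x00*": ">"}
# Size in bytes of each TIFF field type 1..12 (index 0 unused)
TYPE_SIZES = [0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8]
MAX_IFD_ENTRIES = 4096  # assumption: real images carry dozens of tags, not thousands


@dataclass
class TiffFinding:
    offset: int   # where the TIFF header starts inside the scanned blob
    ok: bool
    reason: str


def check_tiff_at(blob: bytes, start: int) -> TiffFinding:
    """Validate the header and the first IFD of the TIFF beginning at `start`."""
    endian = TIFF_MAGICS.get(blob[start:start + 4])
    if endian is None:
        return TiffFinding(start, False, "no TIFF byte-order marker")
    if len(blob) < start + 8:
        return TiffFinding(start, False, "truncated header")
    (ifd_off,) = struct.unpack(endian + "I", blob[start + 4:start + 8])
    ifd_abs = start + ifd_off
    # The first IFD must lie after the 8-byte header and inside the data we hold
    if ifd_off < 8 or ifd_abs + 2 > len(blob):
        return TiffFinding(start, False, f"first IFD offset {ifd_off} out of bounds")
    (count,) = struct.unpack(endian + "H", blob[ifd_abs:ifd_abs + 2])
    if count == 0 or count > MAX_IFD_ENTRIES:
        return TiffFinding(start, False, f"implausible IFD entry count {count}")
    entries_end = ifd_abs + 2 + count * 12 + 4  # 12-byte entries + next-IFD pointer
    if entries_end > len(blob):
        return TiffFinding(start, False, f"IFD claims {count} entries but data too short")
    prev_tag = -1
    for i in range(count):
        e = ifd_abs + 2 + i * 12
        tag, typ, n = struct.unpack(endian + "HHI", blob[e:e + 8])
        if typ == 0 or typ >= len(TYPE_SIZES):
            return TiffFinding(start, False, f"entry {i}: unknown field type {typ}")
        if tag <= prev_tag:  # spec requires ascending tag order
            return TiffFinding(start, False, f"entry {i}: tags not ascending (tag {tag})")
        prev_tag = tag
        size = TYPE_SIZES[typ] * n  # Python ints do not wrap, so huge counts stay huge
        if size > 4:  # value does not fit inline; last 4 bytes are a pointer
            (val_off,) = struct.unpack(endian + "I", blob[e + 8:e + 12])
            if start + val_off + size > len(blob):
                return TiffFinding(start, False, f"entry {i}: tag {tag} value out of bounds")
    return TiffFinding(start, True, "header and first IFD consistent")


def find_tiffs(blob: bytes) -> list:
    """Locate every TIFF byte-order marker in `blob` and check the stream at each."""
    findings = []
    for magic in TIFF_MAGICS:
        pos = blob.find(magic)
        while pos != -1:
            findings.append(check_tiff_at(blob, pos))
            pos = blob.find(magic, pos + 1)
    return sorted(findings, key=lambda f: f.offset)


def build_tiff(entries, ifd_offset=8, little=True) -> bytes:
    """Constructed sample: 8-byte header plus one IFD.
    entries = [(tag, field_type, count, value_or_offset)]"""
    e = "<" if little else ">"
    magic = b"II*\x00" if little else b"MM\x00*"
    ifd = struct.pack(e + "H", len(entries))
    for tag, typ, n, val in entries:
        ifd += struct.pack(e + "HHII", tag, typ, n, val)
    ifd += struct.pack(e + "I", 0)  # no further IFDs
    return magic + struct.pack(e + "I", ifd_offset) + ifd


# Constructed samples (not real-world files)
GOOD = build_tiff([(256, 3, 1, 1), (257, 3, 1, 1)])            # ImageWidth, ImageLength
BAD_OFFSET = build_tiff([(256, 3, 1, 1)], ifd_offset=0x7FFFFFFF)  # IFD pointer past end
BAD_COUNT = b"II*\x00" + struct.pack("<I", 8) + struct.pack("<H", 0xFFFF) + b"\x00" * 16
BAD_VALUE_PTR = build_tiff([(273, 4, 0x40000000, 0x10)])        # StripOffsets: 4 GiB of LONGs
EMBEDDED = b"\xd0\xcf\x11\xe0" + b"A" * 32 + GOOD + b"B" * 16   # TIFF buried in a container

if __name__ == "__main__":
    for name, blob in [("GOOD", GOOD), ("BAD_OFFSET", BAD_OFFSET), ("BAD_COUNT", BAD_COUNT),
                       ("BAD_VALUE_PTR", BAD_VALUE_PTR), ("EMBEDDED", EMBEDDED)]:
        for f in find_tiffs(blob):
            print(f"{name:14} @{f.offset:4} {'ok ' if f.ok else 'BAD'} {f.reason}")
```

A real gateway would run `find_tiffs` over each decoded attachment and over the streams inside Office containers, quarantining anything that produces a `BAD` finding; the point of the checks is that every pointer and length the file declares is compared against the data actually present before anything downstream is allowed to decode it.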