Microsoft’s Enhanced Mitigation Experience Tool can guard against the kinds of attacks now observed in the wild. Microsoft Hackers are exploiting a previously unknown vulnerability in Microsoft Windows and Office software that allows computers to be infected with malware, the company warned in advisories published Tuesday.

The advanced exploit arrives in a booby-trapped Word document attached to e-mails, Elia Florio of the Microsoft Security Response Center wrote on Tuesday.

The attacks are narrowly targeted at certain individuals or companies and are mostly found in the Middle East and South Asia.

The malicious document exploits a vulnerability in Microsoft’s graphics device interface that makes it possible for attackers to remotely execute any code of their choice. “If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document,” Dustin Childs, group manager in the Microsoft Trustworthy Computing group wrote in a separate advisory. “An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.” A third advisory is here.     

Leave a Reply