Microsoft has warned that hackers could exploit a zero-day vulnerability in the graphics component of several key products to gain control of users’ computers.
The vulnerable component is found in Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003-2010 and Microsoft Lync.
The flaw lies in the handling of the Tagged Image File Format (TIFF) image files by the graphics processing component in the affected software.
“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products,” the company said in a security advisory.
According to the advisory, attackers could exploit the vulnerability by requesting users to preview or open a specially crafted email or web content.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, but the impact would be lower on users who do not operate with full administrative rights.
Microsoft said it would take appropriate action to address the issue, which “may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs”.
In a security advisory, Microsoft has made available a Fix It tool as a temporary measure, which the company is urging at-risk users to install.
“The hope is that Microsoft releases a proper fix for the vulnerability – and close the door permanently on future attacks exploiting the flaw – as soon as possible,” said independent security consultant Graham Cluley.
“It is worth emphasising that unlike most fixes from Microsoft, the Fix It tool will not be automatically rolled out to users.
If you want to protect your computers from having the flaw exploited, you need to download and run the tool,” he wrote in a blog post.
More on zero-day vulnerabilities and exploits
Oracle rushes out patches for Java zero days
Disable Java to protect from latest zero-day
Microsoft issues quick fix for IE zero-day vulnerability
Microsoft investigates IE zero-day flaw
Zero-day exploit for Yahoo Mail goes on sale
MySQL security analysis: Mitigating MySQL zero-day flaws
Private market growing for zero-day exploits and vulnerabilities
Adobe investigates zero-day that bypasses Reader X sandbox
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners.
If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com